CRITICAL🇵🇱 Wersja polska

CVE-2023-49937

CVSS 9.8v3.1pub. 2023-12-14upd. 2025-11-04

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

🤖 AI Analysis
How it works

The vulnerability consists of a double free of the same memory area (double free), which is a classic memory management error. An attacker can exploit this mechanism to corrupt the process heap (heap corruption), which in turn opens a path to arbitrary code execution or service destabilization. The attack requires no authentication or user interaction and is possible over the network.

Impact

An attacker can cause system failure (DoS) or execute arbitrary code on a vulnerable Slurm server, potentially gaining full control over it.

Mitigation & patch

SchedMD Slurm should be updated to version 22.05.11, 23.02.7 or 23.11.1, depending on the branch in use. Patches are available from the vendor and in distribution repositories (including Fedora).

Who is affected

SchedMD Slurm in versions 22.05.x, 23.02.x and 23.11.x (prior to patches).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schedmd Slurm

    APP
    Schedmd
    23.1122.05 – 22.05.12 (bez)23.02 – 23.02.7 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2023-49934CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SchedMD Slurm 23.11.x przeciwko bazie SlurmDBD

CVE-2022-29502CRITICAL9.8ten sam produkt

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.

CVE-2020-27745CRITICAL9.8ten sam produkt

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

CVE-2019-12838CRITICAL9.8ten sam produkt

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.

CVE-2019-6438CRITICAL9.8ten sam produkt

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.