PT-2023-8199 · Schedmd+2 · Slurm+2

Ryan Hall

·

Published

2023-12-13

·

Updated

2026-05-06

·

CVE-2023-49933

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions SchedMD Slurm versions 22.05.x through 22.05.10 SchedMD Slurm versions 23.02.x through 23.02.6 SchedMD Slurm versions 23.11.x through 23.11.0
Description The issue is related to the improper enforcement of message integrity during transmission in a communication channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks, potentially enabling them to exploit the system. The exploitation of this issue can be done remotely.
Recommendations For SchedMD Slurm versions 22.05.x through 22.05.10, update to version 22.05.11. For SchedMD Slurm versions 23.02.x through 23.02.6, update to version 23.02.7. For SchedMD Slurm versions 23.11.x through 23.11.0, update to version 23.11.1.

Fix

Weakness Enumeration

CWE-924

Related Identifiers

BDU:2024-00191
CVE-2023-49933
DSA-5609-1
OPENSUSE-SU-2024:13559-1
OPENSUSE-SU-2024_0278-1
OPENSUSE-SU-2024_0279-1
OPENSUSE-SU-2024_0280-1
OPENSUSE-SU-2024_0283-1
OPENSUSE-SU-2024_0284-1
OPENSUSE-SU-2024_0288-1
SUSE-SU-2024:0278-1
SUSE-SU-2024:0279-1
SUSE-SU-2024:0280-1
SUSE-SU-2024:0283-1
SUSE-SU-2024:0284-1
SUSE-SU-2024:0286-1
SUSE-SU-2024:0287-1
SUSE-SU-2024:0288-1
SUSE-SU-2024:0289-1
SUSE-SU-2024:0309-1
SUSE-SU-2024:0310-1
SUSE-SU-2024:0311-1
SUSE-SU-2024:0312-1
SUSE-SU-2024:0313-1
SUSE-SU-2024:0314-1
SUSE-SU-2024:0315-1
SUSE-SU-2024_0284-1
SUSE-SU-2024_0286-1
SUSE-SU-2024_0287-1
SUSE-SU-2024_0289-1
SUSE-SU-2024_0310-1
SUSE-SU-2024_0311-1
SUSE-SU-2024_0312-1
SUSE-SU-2024_0315-1
USN-8236-1

Affected Products

Debian
Slurm
Suse