CVE-2023-49937

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Weakness

The product calls free() twice on the same memory address.

Affected Software

Name	Vendor	Start Version	End Version
Slurm	Schedmd	22.05 (including)	22.05.12 (excluding)
Slurm	Schedmd	23.02 (including)	23.02.7 (excluding)
Slurm	Schedmd	23.11 (including)	23.11 (including)
Slurm	Schedmd	23.11-rc1 (including)	23.11-rc1 (including)
Slurm-llnl	Ubuntu	bionic	*
Slurm-llnl	Ubuntu	esm-apps/bionic	*
Slurm-llnl	Ubuntu	esm-apps/focal	*
Slurm-llnl	Ubuntu	esm-apps/xenial	*
Slurm-llnl	Ubuntu	esm-infra-legacy/trusty	*
Slurm-llnl	Ubuntu	focal	*
Slurm-llnl	Ubuntu	trusty	*
Slurm-llnl	Ubuntu	trusty/esm	*
Slurm-llnl	Ubuntu	xenial	*
Slurm-wlm	Ubuntu	bionic	*
Slurm-wlm	Ubuntu	esm-apps/jammy	*
Slurm-wlm	Ubuntu	jammy	*
Slurm-wlm	Ubuntu	lunar	*
Slurm-wlm	Ubuntu	mantic	*
Slurm-wlm	Ubuntu	oracular	*
Slurm-wlm	Ubuntu	trusty	*
Slurm-wlm	Ubuntu	xenial	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-49937
CWE	https://cwe.mitre.org/data/definitions/415.html

Double Free

Weakness

Affected Software

Potential Mitigations

References