CVE-2023-42465
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.3%
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| sudo_project:sudo | sudo project sudo | lt | 1.9.15 |
References
arxiv.org/abs/2309.02545
github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f
github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/
security.gentoo.org/glsa/202401-29
security.netapp.com/advisory/ntap-20240208-0002/
www.openwall.com/lists/oss-security/2023/12/21/9
www.sudo.ws/releases/changelog/
Social References
More
Related
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.3%