Vulnerability Details : CVE-2023-42465
Potential exploit
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Vulnerability category: Gain privilege
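The description above contrasts two ways of checking an authentication result. The added C example below (written for this page, not sudo's own code) shows both: a check of the form "result is not the failure value" with failure and success one bit apart, beside a check that requires equality with an explicit success value whose bit pattern is far from the failure value. The constants are constructed for the example and are not the values used in the sudo fix; `flips_accepted` counts how many single-bit corruptions each check would wrongly accept.

```c
#include <stdbool.h>
#include <stdint.h>

/* Weak pattern named in the CVE text: "authorized" means "not the failure
 * value", and the failure and success values differ in a single bit. */
#define WEAK_AUTH_FAILURE 0u
#define WEAK_AUTH_SUCCESS 1u

bool weak_authorized(uint32_t result)
{
    return result != WEAK_AUTH_FAILURE;   /* any corruption of 0 passes */
}

/* Hardened pattern: test for equality with an explicit success value whose
 * bit pattern is far from the failure value. These constants are constructed
 * for this example (sudo's own values differ); they are bitwise complements,
 * so all 32 bits must change to turn one into the other. */
#define HARD_AUTH_FAILURE 0x5A3C0F96u
#define HARD_AUTH_SUCCESS 0xA5C3F069u

bool hard_authorized(uint32_t result)
{
    /* Anything other than the exact success value, including a corrupted
     * success value, is treated as a failure (fail closed). */
    return result == HARD_AUTH_SUCCESS;
}

/* Number of bit positions in which two values differ. */
int hamming_distance(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;
    int n = 0;
    while (x) { x &= x - 1; n++; }
    return n;
}

/* How many of the 32 possible single-bit flips of `value` the given check
 * accepts as authorized. A robust check returns 0 both for the failure value
 * (no flip grants access) and for the success value (a flip does not keep it). */
int flips_accepted(bool (*check)(uint32_t), uint32_t value)
{
    int accepted = 0;
    for (int bit = 0; bit < 32; bit++) {
        if (check(value ^ (UINT32_C(1) << bit)))
            accepted++;
    }
    return accepted;
}
```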
Products affected by CVE-2023-42465
- cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-42465
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~5% (proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2023-42465
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 | NIST | 2024-01-03
References for CVE-2023-42465
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/ ([SECURITY] Fedora 39 Update: sudo-1.9.15-1.p5.fc39 - package-announce - Fedora Mailing-Lists)
- https://security.netapp.com/advisory/ntap-20240208-0002/ (CVE-2023-42465 Sudo Vulnerability in NetApp Products | NetApp Product Security)
- https://security.gentoo.org/glsa/202401-29 (sudo: Memory Manipulation (GLSA 202401-29) - Gentoo security)
- https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f (Try to make sudo less vulnerable to ROWHAMMER attacks. · sudo-project/sudo@7873f83 · GitHub) [Patch]
- https://arxiv.org/abs/2309.02545 ([2309.02545] Mayhem: Targeted Corruption of Register and Stack Variables) [Technical Description; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/ ([SECURITY] Fedora 38 Update: sudo-1.9.15-1.p5.fc38 - package-announce - Fedora Mailing-Lists)
- https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15 (Release Sudo 1.9.15 · sudo-project/sudo · GitHub) [Release Notes]
- https://www.openwall.com/lists/oss-security/2023/12/21/9 (oss-security - Mayhem: Targeted Corruption of Register and Stack Variables) [Exploit; Mailing List]
- https://www.sudo.ws/releases/changelog/ [Release Notes]