CVE-2023-42465

Updated: 2024-02-23 08:39:16.427594

Description:

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | sudo | 1.9.5p2 | 7 | HIGH | Released | CLSA-2024:1709547826 | 2024-03-04 08:43:30 |
| CentOS 6 ELS | sudo | 1.8.6p3 | 7 | HIGH | Ignored | | 2024-02-23 08:39:16 |
| CentOS 7 ELS | sudo | 1.8.23 | 7 | HIGH | In Progress | | 2024-01-05 13:08:41 |
| CentOS 8.4 ELS | sudo | 1.8.29-7 | 7 | HIGH | Released | CLSA-2024:1708426423 | 2024-02-20 08:27:47 |
| CentOS 8.5 ELS | sudo | 1.8.29-7 | 7 | HIGH | Released | CLSA-2024:1708426650 | 2024-02-20 08:27:46 |
| CloudLinux 6 ELS | sudo | 1.8.6p3 | 7 | HIGH | Ignored | | 2024-02-23 08:39:16 |
| Oracle Linux 6 ELS | sudo | 1.8.6p3 | 7 | HIGH | Ignored | | 2024-02-23 08:39:17 |
| Ubuntu 16.04 ELS | sudo | 1.8.16 | 7 | HIGH | Not Vulnerable | | 2024-02-01 08:39:19 |
| Ubuntu 18.04 ELS | sudo | 1.8.21 | 7 | HIGH | Not Vulnerable | | 2024-02-01 08:39:20 |

Statement

We have reasoned not to port this fix since it requires too intrusive changes to the authorization-state-related mechanisms on older versions of sudo.