{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-42465", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T19:23:38.880Z", "dateReserved": "2023-09-11T00:00:00", "datePublished": "2023-12-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-18T03:06:16.859787"}, "descriptions": [{"lang": "en", "value": "Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.sudo.ws/releases/changelog/"}, {"url": "https://www.openwall.com/lists/oss-security/2023/12/21/9"}, {"url": "https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f"}, {"url": "https://arxiv.org/abs/2309.02545"}, {"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15"}, {"name": "GLSA-202401-29", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202401-29"}, {"name": "FEDORA-2024-cdccda4f62", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/"}, {"url": "https://security.netapp.com/advisory/ntap-20240208-0002/"}, {"name": "FEDORA-2024-6fa5af9ea8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:23:38.880Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.sudo.ws/releases/changelog/", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2023/12/21/9", "tags": ["x_transferred"]}, {"url": "https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f", "tags": ["x_transferred"]}, {"url": "https://arxiv.org/abs/2309.02545", "tags": ["x_transferred"]}, {"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15", "tags": ["x_transferred"]}, {"name": "GLSA-202401-29", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202401-29"}, {"name": "FEDORA-2024-cdccda4f62", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/"}, {"url": "https://security.netapp.com/advisory/ntap-20240208-0002/", "tags": ["x_transferred"]}, {"name": "FEDORA-2024-6fa5af9ea8", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "matchCriteriaId": "0352673D-D618-41C1-BC9F-8B3582BC277E", "versionEndExcluding": "1.9.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit."}, {"lang": "es", "value": "Sudo anterior a 1.9.15 podr\u00eda permitir row hammer attacks (para eludir la autenticaci\u00f3n o escalar privilegios) porque la l\u00f3gica de la aplicaci\u00f3n a veces se basa en no igualar un valor de error (en lugar de igualar un valor de \u00e9xito) y porque los valores no resisten los cambios de un solo bit."}], "id": "CVE-2023-42465", "lastModified": "2024-11-21T08:22:36.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-22T16:15:08.057", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://arxiv.org/abs/2309.02545"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202401-29"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20240208-0002/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2023/12/21/9"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.sudo.ws/releases/changelog/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://arxiv.org/abs/2309.02545"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202401-29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240208-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2023/12/21/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.sudo.ws/releases/changelog/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0811", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "sudo-0:1.9.5p2-1.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0811", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "sudo-0:1.9.5p2-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0811", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "sudo-0:1.9.5p2-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0811", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "sudo-0:1.9.5p2-10.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0811", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "sudo-0:1.9.5p2-10.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0811", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "sudo-0:1.9.5p2-7.el9_0.4", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0811", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "sudo-0:1.9.5p2-9.el9_2.2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/cephcsi-rhel9:v4.15.0-37", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/mcg-core-rhel9:v4.15.0-68", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/mcg-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/mcg-rhel9-operator:v4.15.0-39", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-client-console-rhel9:v4.15.0-58", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-client-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-client-rhel9-operator:v4.15.0-13", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-metrics-exporter-rhel9:v4.15.0-81", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-rhel9-operator:v4.15.0-79", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-cli-rhel9:v4.15.0-22", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-console-rhel9:v4.15.0-57", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-cosi-sidecar-rhel9:v4.15.0-6", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-csi-addons-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-csi-addons-rhel9-operator:v4.15.0-15", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-csi-addons-sidecar-rhel9:v4.15.0-15", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-multicluster-console-rhel9:v4.15.0-54", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-multicluster-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-multicluster-rhel9-operator:v4.15.0-10", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-must-gather-rhel9:v4.15.0-26", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-rhel9-operator:v4.15.0-19", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odr-cluster-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odr-hub-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odr-rhel9-operator:v4.15.0-21", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/rook-ceph-rhel9-operator:v4.15.0-103", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}], "bugzilla": {"description": "sudo: Targeted Corruption of Register and Stack Variables", "id": "2255568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255568"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-1319", "details": ["Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.", "A flaw was found in the sudo package. This issue could allow a local authenticated attacker to cause a bit to flip, which enables fault injection and may authenticate as the root user."], "mitigation": {"lang": "en:us", "value": "In general to address this issue, it's crucial to implement robust logic that prevents unintended execution from a single-bit flip. \nBut mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-42465", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-09-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-42465\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-42465\nhttps://arxiv.org/pdf/2309.02545.pdf\nhttps://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f"], "statement": "\"Mayhem\" is a potent attack technique that focuses on the core components of computing systems, specifically the CPU internals and stack variables. This method signifies a noteworthy advancement in cyber threats, demonstrating a successful ability to tamper with a computer's memory and compromise both stack and register variables. Capitalizing on the well-known Rowhammer effect, wherein swift access to a DRAM row induces bit flips in neighboring rows, this clever attack exploits these bit flips to disrupt stack variables and manipulate register values within a given process. The manipulation is accomplished by targeting register values stored in the process's stack, which, once flushed out to memory, become vulnerable to Rowhammer attacks. When reloaded, these corrupted values cause chaos, compromising the integrity of the entire process. It's important to note that this attack is confined to the local system, leading us to categorize it as a moderate threat.", "threat_severity": "Moderate", "upstream_fix": "sudo 1.9.15"}