Bug 920510 (CVE-2023-42465)

Summary:	<app-admin/sudo-1.9.15_p2: vulnerable to rowhammer-style bit flipping
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	ajak, base-system
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://www.openwall.com/lists/oss-security/2023/12/21/9
Whiteboard:	C1 [glsa+]
Package list:		Runtime testing required:	---
Bug Depends on:	919947
Bug Blocks:

Description John Helmert III archtester

2023-12-22 01:09:01 UTC

Apparently sudo execution could be manipulated in memory via rowhammer-style attacks, potentially affected execution flow:

"Our recent paper<https://arxiv.org/pdf/2309.02545.pdf> [AsiaCCS'24]
describes a potential vulnerability where stack/register variables can
be flipped via fault injection, affecting execution flow in
security-sensitive code."

There is a fix in upstream's 1.9.15: https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f

Comment 1 Hans de Graaff gentoo-dev

2024-01-21 11:15:26 UTC

commit 4d263e147ccd1a9b2e2d3366f1ce6d0fe4d8f9c7
Author: Sam James <sam@gentoo.org>
Date:   Thu Dec 28 04:57:42 2023 +0000

    app-admin/sudo: drop 1.9.14_p3, 1.9.15_p3

Comment 2 Larry the Git Cow gentoo-dev

2024-01-24 04:07:56 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8c2ac2c642d0add8a4a53de8486398a7e94c2a7e

commit 8c2ac2c642d0add8a4a53de8486398a7e94c2a7e
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-24 04:05:24 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-01-24 04:06:50 +0000

    [ GLSA 202401-29 ] sudo: Memory Manipulation
    
    Bug: https://bugs.gentoo.org/920510
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202401-29.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)