Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 920510 (CVE-2023-42465) - <app-admin/sudo-1.9.15_p2: vulnerable to rowhammer-style bit flipping
Summary: <app-admin/sudo-1.9.15_p2: vulnerable to rowhammer-style bit flipping
Alias: CVE-2023-42465
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: C1 [glsa+]
Depends on: 919947
  Show dependency tree
Reported: 2023-12-22 01:09 UTC by John Helmert III
Modified: 2024-01-24 04:09 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-12-22 01:09:01 UTC
Apparently sudo execution could be manipulated in memory via rowhammer-style attacks, potentially affected execution flow:

"Our recent paper<> [AsiaCCS'24]
describes a potential vulnerability where stack/register variables can
be flipped via fault injection, affecting execution flow in
security-sensitive code."

There is a fix in upstream's 1.9.15:
Comment 1 Hans de Graaff gentoo-dev Security 2024-01-21 11:15:26 UTC
commit 4d263e147ccd1a9b2e2d3366f1ce6d0fe4d8f9c7
Author: Sam James <>
Date:   Thu Dec 28 04:57:42 2023 +0000

    app-admin/sudo: drop 1.9.14_p3, 1.9.15_p3
Comment 2 Larry the Git Cow gentoo-dev 2024-01-24 04:07:56 UTC
The bug has been referenced in the following commit(s):

commit 8c2ac2c642d0add8a4a53de8486398a7e94c2a7e
Author:     GLSAMaker <>
AuthorDate: 2024-01-24 04:05:24 +0000
Commit:     John Helmert III <>
CommitDate: 2024-01-24 04:06:50 +0000

    [ GLSA 202401-29 ] sudo: Memory Manipulation
    Signed-off-by: GLSAMaker <>
    Signed-off-by: John Helmert III <>

 glsa-202401-29.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)