Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 920510 (CVE-2023-42465) - <app-admin/sudo-1.9.15_p2: vulnerable to rowhammer-style bit flipping
Summary: <app-admin/sudo-1.9.15_p2: vulnerable to rowhammer-style bit flipping
Status: RESOLVED FIXED
Alias: CVE-2023-42465
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: C1 [glsa+]
Keywords:
Depends on: 919947
Blocks:
  Show dependency tree
 
Reported: 2023-12-22 01:09 UTC by John Helmert III
Modified: 2024-01-24 04:09 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-12-22 01:09:01 UTC 
Apparently sudo execution could be manipulated in memory via rowhammer-style attacks, potentially affected execution flow:

"Our recent paper<https://arxiv.org/pdf/2309.02545.pdf> [AsiaCCS'24]
describes a potential vulnerability where stack/register variables can
be flipped via fault injection, affecting execution flow in
security-sensitive code."

There is a fix in upstream's 1.9.15: https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f
Comment 1 Hans de Graaff gentoo-dev Security 2024-01-21 11:15:26 UTC 
commit 4d263e147ccd1a9b2e2d3366f1ce6d0fe4d8f9c7
Author: Sam James <sam@gentoo.org>
Date:   Thu Dec 28 04:57:42 2023 +0000

    app-admin/sudo: drop 1.9.14_p3, 1.9.15_p3
Comment 2 Larry the Git Cow gentoo-dev 2024-01-24 04:07:56 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8c2ac2c642d0add8a4a53de8486398a7e94c2a7e

commit 8c2ac2c642d0add8a4a53de8486398a7e94c2a7e
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-24 04:05:24 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-01-24 04:06:50 +0000

    [ GLSA 202401-29 ] sudo: Memory Manipulation
    
    Bug: https://bugs.gentoo.org/920510
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202401-29.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)