CVE-2023-42465

low-risk

Published 2023-12-22

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

Do I need to act?

0.00% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (1)

Sudo

Affected Vendors

Sudo Project

References (22)

Technical Description https://arxiv.org/abs/2309.02545

Patch https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac602930...

Release Notes https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://security.gentoo.org/glsa/202401-29

https://security.netapp.com/advisory/ntap-20240208-0002/

Exploit https://www.openwall.com/lists/oss-security/2023/12/21/9

Release Notes https://www.sudo.ws/releases/changelog/

http://www.openwall.com/lists/oss-security/2025/09/23/2

http://www.openwall.com/lists/oss-security/2025/09/24/6

Technical Description https://arxiv.org/abs/2309.02545

Patch https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac602930...

Release Notes https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

https://security.gentoo.org/glsa/202401-29

https://security.netapp.com/advisory/ntap-20240208-0002/

and 2 more references

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal