Unrated severity · NVD Advisory · Published Dec 22, 2023 · Updated Nov 4, 2025
CVE-2023-42465
Description
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Affected products (30)
- Sudo/Sudo (description)
- osv-coords, 28 versions:
- pkg:rpm/almalinux/sudo (no CPE), range: < 1.9.5p2-10.el9_3
- pkg:rpm/almalinux/sudo-python-plugin (no CPE), range: < 1.9.5p2-10.el9_3
- pkg:rpm/opensuse/sudo&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 1.9.12p1-150500.7.10.1
- pkg:rpm/opensuse/sudo&distro=openSUSE%20Leap%20Micro%205.3 (no CPE), range: < 1.9.9-150400.4.36.1
- pkg:rpm/opensuse/sudo&distro=openSUSE%20Leap%20Micro%205.4 (no CPE), range: < 1.9.9-150400.4.36.1
- pkg:rpm/opensuse/sudo&distro=openSUSE%20Tumbleweed (no CPE), range: < 1.9.15p2-1.1
- pkg:rpm/suse/sudo&distro=SUSE%20Enterprise%20Storage%207.1 (no CPE), range: < 1.9.5p2-150300.3.33.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 1.8.27-150000.4.53.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE), range: < 1.9.5p2-150300.3.33.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 1.9.9-150400.4.36.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 1.9.9-150400.4.36.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE), range: < 1.9.5p2-150300.3.33.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE), range: < 1.9.5p2-150300.3.33.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE), range: < 1.9.9-150400.4.36.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE), range: < 1.9.9-150400.4.36.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 1.9.12p1-150500.7.10.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 (no CPE), range: < 1.9.12p1-150500.7.10.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 1.8.27-4.48.2
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (no CPE), range: < 1.8.27-150000.4.53.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS (no CPE), range: < 1.9.5p2-150300.3.33.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (no CPE), range: < 1.9.9-150400.4.36.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 1.8.27-4.48.2
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (no CPE), range: < 1.8.27-150000.4.53.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 (no CPE), range: < 1.9.5p2-150300.3.33.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (no CPE), range: < 1.9.9-150400.4.36.1
- pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 1.8.27-4.48.2
- pkg:rpm/suse/sudo&distro=SUSE%20Manager%20Proxy%204.3 (no CPE), range: < 1.9.9-150400.4.36.1
- pkg:rpm/suse/sudo&distro=SUSE%20Manager%20Server%204.3 (no CPE), range: < 1.9.9-150400.4.36.1
References (9)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/ (mitre, vendor-advisory)
- security.gentoo.org/glsa/202401-29 (mitre, vendor-advisory)
- arxiv.org/abs/2309.02545 (mitre)
- github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f (mitre)
- github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15 (mitre)
- security.netapp.com/advisory/ntap-20240208-0002/ (mitre)
- www.openwall.com/lists/oss-security/2023/12/21/9 (mitre)
- www.sudo.ws/releases/changelog/ (mitre)