A vulnerability has been discovered in sudo which can lead to execution manipulation through rowhammer-style memory manipulation.
Package | app-admin/sudo on all architectures |
---|---|
Affected versions | < 1.9.15_p2 |
Unaffected versions | >= 1.9.15_p2 |
sudo allows a system administrator to give users the ability to run commands as other users.
Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details.
Stack/register variables can be flipped via fault injection, affecting execution flow in security-sensitive code.
There is no known workaround at this time.
All sudo users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.15_p2"
Release date
January 24, 2024
Latest revision
January 24, 2024: 1
Severity
high
Exploitable
remote
Bugzilla entries