CVE-2023-42465 — HIGH (7.0)

Q: How severe is CVE-2023-42465?

CVE-2023-42465 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-42465?

Check the references section above for vendor advisories and patch information. Affected products include: Sudo Project Sudo.

Vulnerability Description

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sudo Project	Sudo	< 1.9.15

References

https://arxiv.org/abs/2309.02545Technical DescriptionThird Party Advisory
https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac602930Patch
https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202401-29
https://security.netapp.com/advisory/ntap-20240208-0002/
https://www.openwall.com/lists/oss-security/2023/12/21/9ExploitMailing List
https://www.sudo.ws/releases/changelog/Release Notes
http://www.openwall.com/lists/oss-security/2025/09/23/2
http://www.openwall.com/lists/oss-security/2025/09/24/6
https://arxiv.org/abs/2309.02545Technical DescriptionThird Party Advisory
https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac602930Patch
https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro

FAQ

What is CVE-2023-42465?

CVE-2023-42465 is a vulnerability with a CVSS score of 7.0 (HIGH). Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a...

How severe is CVE-2023-42465?

CVE-2023-42465 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-42465?

Check the references section above for vendor advisories and patch information. Affected products include: Sudo Project Sudo.