Описание
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
A flaw was found in the sudo package. This issue could allow a local authenticated attacker to cause a bit to flip, which enables fault injection and may authenticate as the root user.
Отчет
"Mayhem" is a potent attack technique that focuses on the core components of computing systems, specifically the CPU internals and stack variables. This method signifies a noteworthy advancement in cyber threats, demonstrating a successful ability to tamper with a computer's memory and compromise both stack and register variables. Capitalizing on the well-known Rowhammer effect, wherein swift access to a DRAM row induces bit flips in neighboring rows, this clever attack exploits these bit flips to disrupt stack variables and manipulate register values within a given process. The manipulation is accomplished by targeting register values stored in the process's stack, which, once flushed out to memory, become vulnerable to Rowhammer attacks. When reloaded, these corrupted values cause chaos, compromising the integrity of the entire process. It's important to note that this attack is confined to the local system, leading us to categorize it as a moderate threat.
Меры по смягчению последствий
In general to address this issue, it's crucial to implement robust logic that prevents unintended execution from a single-bit flip. But mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | sudo | Out of support scope | ||
| Red Hat Enterprise Linux 7 | sudo | Out of support scope | ||
| Red Hat Enterprise Linux 8 | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| Red Hat Enterprise Linux 9 | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| Red Hat Enterprise Linux 9 | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| RHODF-4.15-RHEL-9 | odf4/cephcsi-rhel9 | Fixed | RHSA-2024:1383 | 19.03.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Sudo before 1.9.15 might allow row hammer attacks (for authentication ...
EPSS
7 High
CVSS3