Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sudo | Sudo_project | * | 1.9.15 (excluding) |