Full Report
Two elevation of privilege vulnerabilities have been discovered on the popular Sudo utility, affecting 30-50 million endpoints in the US alone
Analysis Summary
# Vulnerability: Critical Elevation of Privilege in Sudo via chroot Abuse
## CVE Details
- CVE ID: CVE-2025-32463
- CVSS Score: Not explicitly stated, but described as "critical elevation of privilege (EoP)". (Implies high score, likely 9.0+)
- CWE: (Not specified in the summary, but related to improper access control around system calls/privilege escalation)
## Affected Systems
- Products: Sudo
- Versions: Sudo versions 1.9.14 through 1.9.17 (inclusive)
- Configurations: Verified on Ubuntu 24.04.1 and Fedora 41 Server. The vulnerability stems from an unprivileged user abusing the `chroot()` functionality when Sudo calls it.
## Vulnerability Description
The vulnerability exists within the Sudo utility, which handles privileged command execution on Linux systems. The flaw allows a local, unprivileged user to gain full root access to the targeted system. This is achieved by exploiting the `chroot()` function calls made by Sudo. The issue arises because Sudo calls `chroot()` multiple times, regardless of user configuration rules, allowing a low-privileged user to invoke `chroot()` with root authority to a writable, untrusted path under their control, leading to system compromise. The vulnerability was introduced in Sudo version 1.9.14 (June 2023).
## Exploitation
- Status: Not explicitly stated if exploited in the wild, but described as critical, suggesting high risk.
- Complexity: Implied **Medium to High** given the technical nature (abuse of `chroot()` syscalls by a local user).
- Attack Vector: **Local** (Requires local user access to the system).
## Impact
- Confidentiality: Likely **High** (Full root access exposes all system data).
- Integrity: Likely **High** (Full root access allows modification or destruction of any system files).
- Availability: Likely **High** (Full root access allows system shutdown or denial of service).
## Remediation
### Patches
- **Sudo 1.9.17p1 or newer.** Users are urged to upgrade immediately.
### Workarounds
- No specific workarounds were detailed in the provided summary, other than immediate patching. Restricting use of Sudo or locking down `chroot()` usage might be implied but is not confirmed as an official vendor workaround.
## Detection
- Detection details were not provided in the summary. Focus should be on monitoring for unexpected use of `chroot()` by processes running under reduced privileges, or monitoring successful privilege escalations executed via `sudo`.
## References
- Vendor Advisories: Not directly linked, but the issue is addressed in Sudo version 1.9.17p1 release notes.
- Relevant links:
- News Source: `infosecurity-magazine.com/news/linux-users-urged-to-patch/` (Defanged: `infosecurity-magazine[d]com/news/linux-users-urged-to-patch/`)