Root Privileges Vulnerability in Linux sccache
CVE-2023-1521

Currently unrated

Key Information:

Vendor

Mozilla
Status
Sccache
Vendor
CVE Published:
26 November 2024

What is CVE-2023-1521?

A vulnerability exists in the sccache client on Linux, allowing a user to execute arbitrary code with the privileges of a local sccache server. This occurs when the code is preloaded using a shared library specified in the LD_PRELOAD environment variable. If the sccache server is initiated with root privileges, which is typical for installations via the snap package, this vulnerability can be exploited to gain root access by running the sccache client. The potential impact involves unauthorized access and control over system resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

sccache 0 < 0.4.0

References

https://securitylab.github.com/advisories/GHSL-2023-046_S...
third-party-advisory
https://github.com/advisories/GHSA-x7fr-pg8f-93f5
vendor-advisory

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Paolo Tranquilli (@redsun82)
JSON
.