CVE-2023-1521

Publication date 26 November 2024

Last updated 26 November 2024

Ubuntu priority

On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sccache	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2023-1521
https://github.com/advisories/GHSA-x7fr-pg8f-93f5
https://securitylab.github.com/advisories/GHSL-2023-046_ScCache