Fedora 44 and 43 Sudo Vulnerabilities Enable Code Execution Risks

Severity: Medium (Score: 57.8)

Sources: Linuxsecurity

Published: 2026-06-04 · Updated: 2026-06-04

Keywords: vulnerability, fedora, sudo, code, execution, version, release

Severity indicators: vulnerability

Summary

On June 4, 2026, Fedora released updates for Fedora 43 and 44 that bring the PHP Installer for Extensions (PIE) to version 1.4.5, addressing multiple vulnerabilities in PIE that are reachable through sudo-elevated operations. The flaws include arbitrary file deletion and root code execution caused by time-of-check to time-of-use (TOCTOU) race conditions. The updates fix the security advisories GHSA-h842-vjwg-pxxx, GHSA-pm6p-666q-hvj5, and others. Affected systems include Fedora 43 and 44 installations of PIE, with the fixes delivered in version 1.4.5. Users are advised to apply the updates promptly. The vulnerabilities were confirmed by Remi Collet, the maintainer who issued the updates, which can be installed with the `dnf` package manager. No active exploitation has been reported at this time.

Key Points:

  • Fedora released critical updates for PIE vulnerabilities affecting Fedora 43 and 44.
  • The vulnerabilities include arbitrary file deletion and elevated root code execution.
  • Users are urged to apply the updates immediately to mitigate the risk.

Detailed Analysis

**Impact**

Users of Fedora 43 and 44 running PIE (PHP Installer for Extensions) are exposed to vulnerabilities that allow privilege elevation and code execution; version 1.4.5 carries the fixes. The scope covers systems where sudo is used with PIE-installed binaries, which may include web hosting, development environments, and enterprises relying on PHP extensions. No specific geographic or sector data is provided. Data at risk includes system integrity and potentially sensitive files, given the arbitrary file deletion and code execution capabilities.

**Technical Details**

The vulnerabilities involve sudo-elevated arbitrary file deletion and root code execution via a time-of-check to time-of-use (TOCTOU) race condition between self-update verification and the subsequent write operations. Advisories addressed include GHSA-h842-vjwg-pxxx, GHSA-pm6p-666q-hvj5, and GHSA-f67f-c344-cqqr, among others relating to path traversal and self-update attestation issues. The attack vector relies on sudo privileges combined with flaws in PIE's self-update mechanism, mapping to the exploitation and execution stages of the kill chain. No specific malware or IOCs are mentioned.

**Recommended Response**

Apply the Fedora advisories FEDORA-2026-e5d5fc359d (Fedora 44) and FEDORA-2026-b2fe14ec86 (Fedora 43) immediately using `dnf upgrade --advisory <advisory_id>`. Monitor for unusual sudo activity and unauthorized file deletions involving PIE binaries. Harden sudo configurations to restrict unnecessary privileges and review the processes used to update PHP extensions. No additional IOCs or detection signatures are provided in the source articles.

Source articles (2)

  • Fedora 43 pie 1.4.5 Important Sudo Code Execution Threats — Linuxsecurity · 2026-06-04
    Version 1.4.5 This release contains vulnerability fixes for the following security advisories: GHSA-h842-vjwg-pxxx - Sudo-elevated arbitrary file deletion via extra.pie-installed-binary metadata in U…
  • Fedora 44 PIE Vulnerability in Sudo Might Allow Code Execution Risks — Linuxsecurity · 2026-06-04
    Version 1.4.5 This release contains vulnerability fixes for the following security advisories: GHSA-h842-vjwg-pxxx - Sudo-elevated arbitrary file deletion via extra.pie-installed-binary metadata in U…

Timeline

  • 2026-06-04 — Fedora updates released for PIE vulnerabilities: Fedora released PIE updates for Fedora 43 and 44 to address multiple sudo-elevated vulnerabilities, including code execution risks.
  • 2026-06-04 — Vulnerabilities confirmed by maintainer: Remi Collet confirmed the vulnerabilities and issued updates for PIE version 1.4.5.

Related entities

  • Zero-day Exploit (Attack Type)
  • CWE-22 - Path Traversal (Cwe)
  • Windows (Platform)
  • GHSA-8xmh-xrvp-hwrf (Vulnerability)
  • GHSA-f67f-c344-cqqr (Vulnerability)
  • GHSA-h842-vjwg-pxxx (Vulnerability)
  • GHSA-p4j8-36rr-gjfq (Vulnerability)
  • GHSA-pm6p-666q-hvj5 (Vulnerability)
  • GHSA-vcv4-gmjc-mxvq (Vulnerability)