CVE-2026-35535
Publication date 6 April 2026
Last updated 6 April 2026
Ubuntu priority
Cvss 3 Severity Score
Description
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
From the Ubuntu Security Team
It was discovered that Sudo incorrectly checked return codes when dropping privileges to run the mailer. A local attacker could possibly use this issue to escalate privileges.
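To make the defect class concrete, the following is an added C example (not sudo's code, and not taken from the CVE record or the referenced commit). It contrasts a privilege drop that ignores the return values of setgroups, setgid and setuid with one that treats any failure as fatal and refuses to start the helper. The `priv_ops` struct of injected function pointers, the `start_helper_*` functions and the constructed failing stubs are assumptions made for the example so that the failure path can be exercised deterministically without root.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* The three calls a privilege drop depends on, injected so the example can
 * simulate failure (assumption for this example, not a sudo interface). */
typedef struct {
    int (*setgroups_fn)(size_t, const gid_t *);
    int (*setgid_fn)(gid_t);
    int (*setuid_fn)(uid_t);
} priv_ops;

/* Vulnerable pattern: return values are discarded, so the caller carries on
 * even when the process still holds its original uid/gid/groups. */
void drop_privs_unchecked(const priv_ops *ops, uid_t uid, gid_t gid) {
    ops->setgroups_fn(1, &gid);
    ops->setgid_fn(gid);
    ops->setuid_fn(uid);
}

/* Hardened pattern: the first failing call aborts the drop. Returns 0 on a
 * complete drop, -1 with errno set otherwise. Order matters: groups and gid
 * must be changed while the process is still able to do so, uid last. */
int drop_privs_checked(const priv_ops *ops, uid_t uid, gid_t gid) {
    if (ops->setgroups_fn(1, &gid) != 0) return -1;
    if (ops->setgid_fn(gid) != 0) return -1;
    if (ops->setuid_fn(uid) != 0) return -1;
    return 0;
}

/* Returns 1 if the helper would be started, 0 if it was refused.
 * The unchecked variant always starts it, regardless of the drop's outcome. */
int start_helper_unchecked(const priv_ops *ops, uid_t uid, gid_t gid) {
    drop_privs_unchecked(ops, uid, gid);
    return 1;  /* exec of the helper would happen here */
}

/* Fail closed: a failed drop means nothing is executed with leftover privilege. */
int start_helper_checked(const priv_ops *ops, uid_t uid, gid_t gid) {
    if (drop_privs_checked(ops, uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed (%s); helper not started\n",
                strerror(errno));
        return 0;
    }
    return 1;  /* exec of the helper would happen here */
}

/* Wrappers around the real system calls (portable across setgroups prototypes). */
static int real_setgroups(size_t n, const gid_t *g) { return setgroups(n, g); }
static int real_setgid(gid_t g) { return setgid(g); }
static int real_setuid(uid_t u) { return setuid(u); }
const priv_ops real_ops = { real_setgroups, real_setgid, real_setuid };

/* Constructed stubs standing in for EPERM failures and for success. */
static int stub_fail_setgroups(size_t n, const gid_t *g) { (void)n; (void)g; errno = EPERM; return -1; }
static int stub_fail_setgid(gid_t g) { (void)g; errno = EPERM; return -1; }
static int stub_fail_setuid(uid_t u) { (void)u; errno = EPERM; return -1; }
static int stub_ok_setgroups(size_t n, const gid_t *g) { (void)n; (void)g; return 0; }
static int stub_ok_setgid(gid_t g) { (void)g; return 0; }
static int stub_ok_setuid(uid_t u) { (void)u; return 0; }

const priv_ops failing_ops    = { stub_fail_setgroups, stub_fail_setgid, stub_fail_setuid };
const priv_ops partial_ops    = { stub_ok_setgroups,   stub_ok_setgid,   stub_fail_setuid };
const priv_ops succeeding_ops = { stub_ok_setgroups,   stub_ok_setgid,   stub_ok_setuid };

int main(void) {
    const uid_t target = 65534;  /* constructed target id, e.g. nobody */
    printf("unchecked, all calls fail -> helper started: %d\n",
           start_helper_unchecked(&failing_ops, target, target));
    printf("checked, all calls fail   -> helper started: %d\n",
           start_helper_checked(&failing_ops, target, target));
    printf("checked, only setuid fails -> helper started: %d\n",
           start_helper_checked(&partial_ops, target, target));
    printf("checked, all calls succeed -> helper started: %d\n",
           start_helper_checked(&succeeding_ops, target, target));
    /* Against the real kernel this succeeds only when run with privilege. */
    printf("checked, real syscalls     -> helper started: %d\n",
           start_helper_checked(&real_ops, target, target));
    return 0;
}
```

The test for the hardened variant is the case where only the final setuid fails: a partially applied drop is exactly the state in which continuing is most dangerous, and the checked version refuses to proceed while the unchecked version does not.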
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| sudo | 25.10 questing | Fixed 1.9.17p2-1ubuntu1.1 |
| sudo | 24.04 LTS noble | Fixed 1.9.15p5-3ubuntu5.24.04.2 |
| sudo | 22.04 LTS jammy | Fixed 1.9.9-1ubuntu2.6 |
| sudo | 20.04 LTS focal | Not affected |
| sudo | 18.04 LTS bionic | Not affected |
| sudo | 16.04 LTS xenial | Not affected |
| sudo | 14.04 LTS trusty | Not affected |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | |
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality impact | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-35535
- https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69
- https://www.qualys.com/2026/03/10/crack-armor.txt
- https://ubuntu.com/security/vulnerabilities/crackarmor
- https://ubuntu.com/blog/apparmor-vulnerability-fixes-available