OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
Aliases: CVE-2023-51767
Modified: 2023-12-27T00:00:00.000Z
Published: 2023-12-27T00:00:00.000Z
References
https://nvd.nist.gov/vuln/detail/CVE-2023-51767