MNBSD-2023-12: OpenSSH row hammer attack

Severity: Unknown

Affected Package: openssh

Summary: OpenSSH row hammer attack

Description

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

Affected Versions

openssh

Specific versions:

2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
3.0.0
3.0.1
3.0.2
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0

Recommendations

No specific recommendations provided.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-51767

Additional Information

Aliases: CVE-2023-51767

Published: December 27, 2023
Last Modified: December 27, 2023