MNBSD-2023-12 OpenSSH row hammer attack

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

Aliases: CVE-2023-51767

Modified: 2023-12-27T00:00:00.000Z
Published: 2023-12-27T00:00:00.000Z

References

https://nvd.nist.gov/vuln/detail/CVE-2023-51767