Updated: 2024-11-24 05:36:09.18388
Description:
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | HIGH | 7 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | openssh | 8.7p1 | 7.0 | HIGH | Ignored | 2024-01-25 08:43:34 | We've reasoned not to fix this issue since there is currently no known solid solution or mitigation ... | |
| CentOS 6 ELS | openssh | 5.3p1 | 7.0 | HIGH | Ignored | 2024-01-25 08:43:37 | We've reasoned not to fix this issue since there is currently no known solid solution or mitigation ... | |
| CentOS 7 ELS | openssh | 7.4p1 | 7.0 | HIGH | Ignored | 2024-01-25 08:43:37 | We've reasoned not to fix this issue since there is currently no known solid solution or mitigation ... | |
| CentOS 8.4 ELS | openssh | 8.0p1-6 | 7.0 | HIGH | Ignored | 2024-01-25 08:43:34 | We've reasoned not to fix this issue since there is currently no known solid solution or mitigation ... | |
| CentOS 8.5 ELS | openssh | 8.0p1-10 | 7.0 | HIGH | Ignored | 2024-01-25 08:43:37 | We've reasoned not to fix this issue since there is currently no known solid solution or mitigation ... | |
| CloudLinux 6 ELS | openssh | 5.3p1 | 7.0 | HIGH | Ignored | 2024-01-25 08:43:37 | We've reasoned not to fix this issue since there is currently no known solid solution or mitigation ... | |
| Oracle Linux 6 ELS | openssh | 5.3p1 | 7.0 | HIGH | Ignored | 2024-01-25 08:43:37 | We've reasoned not to fix this issue since there is currently no known solid solution or mitigation ... | |
| Ubuntu 16.04 ELS | openssh | 7.2p2 | 7.0 | HIGH | Ignored | 2024-01-25 08:43:37 | We've reasoned not to fix this issue since there is currently no known solid solution or mitigation ... | |
| Ubuntu 18.04 ELS | openssh | 7.6p1 | 7.0 | HIGH | Ignored | 2024-01-25 08:43:37 | We've reasoned not to fix this issue since there is currently no known solid solution or mitigation ... |