CVE-2023-51767

Updated: 2024-02-27 20:15:24.755425

Description:

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

                  Severity  Score
CVSS Version 2.x            0
CVSS Version 3.x  HIGH      7

Status

OS name             Project name  Version   Score  Severity  Status   Errata  Last updated
AlmaLinux 9.2 ESU   openssh       8.7p1     7      HIGH      Ignored          2024-01-25 08:43:34
CentOS 6 ELS        openssh       5.3p1     7      HIGH      Ignored          2024-01-25 08:43:37
CentOS 7 ELS        openssh       7.4p1     7      HIGH      Ignored          2024-01-25 08:43:37
CentOS 8.4 ELS      openssh       8.0p1-6   7      HIGH      Ignored          2024-01-25 08:43:34
CentOS 8.5 ELS      openssh       8.0p1-10  7      HIGH      Ignored          2024-01-25 08:43:37
CloudLinux 6 ELS    openssh       5.3p1     7      HIGH      Ignored          2024-01-25 08:43:37
Oracle Linux 6 ELS  openssh       5.3p1     7      HIGH      Ignored          2024-01-25 08:43:37
Ubuntu 16.04 ELS    openssh       7.2p2     7      HIGH      Ignored          2024-01-25 08:43:37
Ubuntu 18.04 ELS    openssh       7.6p1     7      HIGH      Ignored          2024-01-25 08:43:37

Statement

We've reasoned not to fix this issue since there is currently no known solid solution or mitigation for this vulnerability, which is based on the hardware problem known as the Rowhammer effect. However, this vulnerability was not demonstrated to be exploitable in the real world without special modifications to the sshd code to simplify the attack, and it seems very unlikely that it can be exploited