|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2023-51767: openssh: authentication bypass via single-bitflip DRAM attacks | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED WONTFIX | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | ali.abdallah, andrea.mattiazzo, andreas.taschner, hpj, meissner, security-team, sreeves, stoyan.manolov, tamilselvam, wolfgang.frisch |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/389286/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2023-51767:4.7:(AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
SMASH SMASH
2023-12-24 09:27:36 UTC
This morning we had a thorough review of the vulnerability with the team and we are concerned that this vulnerability is exploitable only in specific lab type environment. We will keep an eye on this vulnerability and any future types of Row Hammer attack vulnerabilities - they are harder to exploit and would require special configuration cases to be exploited anyways. For now the public pages will display WONTFIX but I will keep the bug open unless there is more information shared or publicly available. Hi Team, Do you have an ETA for this issue ? Regards, Tamil Selvam .P We are currently not planning to fix this issue, as it can only appear in strictly controlled laboratory conditions. Closing as wont fix. |