Bugzilla – Bug 1218386
VUL-0: CVE-2023-51767: openssh: authentication bypass via single-bitflip DRAM attacks
Last modified: 2024-05-17 08:02:32 UTC
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767
This morning we had a thorough review of the vulnerability with the team and we are concerned that this vulnerability is exploitable only in specific lab type environment. We will keep an eye on this vulnerability and any future types of Row Hammer attack vulnerabilities - they are harder to exploit and would require special configuration cases to be exploited anyways. For now the public pages will display WONTFIX but I will keep the bug open unless there is more information shared or publicly available.
Hi Team, Do you have an ETA for this issue ? Regards, Tamil Selvam .P
We are currently not planning to fix this issue, as it can only appear in strictly controlled laboratory conditions.
Closing as wont fix.