OpenSSH up to and including 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openbsd openssh |
||
fedoraproject fedora 39 |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux 9.0 |