Vulnerability: Row Hammer Attack in OpenSSH 9.6

Vulnerability: Row Hammer Attack in OpenSSH 9.6

CVE-2023-51767 · HIGH Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

Learn more about our User Device Pen Test.