Описание
OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectural weaknesses."
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | see notes |
| esm-infra-legacy/trusty | not-affected | see notes |
| esm-infra/bionic | not-affected | see notes |
| esm-infra/focal | not-affected | see notes |
| esm-infra/xenial | not-affected | see notes |
| fips-updates/bionic | not-affected | see notes |
| fips-updates/focal | not-affected | see notes |
| fips-updates/xenial | not-affected | see notes |
| fips/bionic | not-affected | see notes |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | see notes |
| esm-apps/bionic | not-affected | see notes |
| esm-apps/focal | not-affected | see notes |
| esm-apps/jammy | not-affected | see notes |
| focal | not-affected | see notes |
| jammy | not-affected | see notes |
| lunar | ignored | end of life, was ignored [2024-01-02] |
| mantic | not-affected | see notes |
| trusty | DNE |
Показывать по
7 High
CVSS3
Связанные уязвимости
OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectural weaknesses."
OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectural weaknesses."
OpenSSH through 10.0, when common types of DRAM are used, might allow ...
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
Уязвимость функции mm_answer_authpassword() cредства криптографической защиты OpenSSH, позволяющая нарушителю реализовать атаку Rowhammer и обойти процедуру аутентификации
7 High
CVSS3