CVE-2023-51767
HIGHOpenSSH through 10.0 - Authentication Bypass via Row Hammer Bit Flip
Title source: llmDescription
OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectural weaknesses."
References (34)
Core 34
Core References
Technical Description
https://arxiv.org/abs/2309.02545
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2255850
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-51767
Third Party Advisory
https://ubuntu.com/security/CVE-2023-51767
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240125-0006/
Scores
CVSS v3
7.0
EPSS
0.0066
EPSS Percentile
46.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
Status
published
Products (4)
fedoraproject/fedora
39
openbsd/openssh
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
Published
Dec 24, 2023
Tracked Since
Feb 18, 2026