Key Information

Bug ID: Bug 2255850 (CVE-2023-51767)
Vulnerability Name: openssh: authentication bypass via row hammer attack
Reported Time: 2023-12-25 19:41 UTC
CVE ID: CVE-2023-51767
Current Status: NEW
Product: Security Response
Component: vulnerability
Priority: medium
Severity: medium
Operating System: Linux

Vulnerability Description:
- OpenSSH version 9.6 and earlier may be vulnerable to authentication bypass via Row Hammer attacks caused by common types of DRAM. This occurs because the integer authentication value in the function is not resilient to single-bit flips. Note: This applies to a specific threat model where the attacker and victim are co-located, and the attacker has user-level privileges.

Related Links:
- https://arxiv.org/abs/2309.02545
- https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77
- https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878

Affected Products: fedora-all [bug 2255051]

Notes:
- On 2024-01-16, Damien Miller noted that this issue is already being tracked in another bug (id=3656).
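
Why an integer used as a truth value is "not resilient to single-bit flips", as an added example that is not OpenSSH code and not part of the bug report: it counts how many single-bit faults turn a rejected state into an accepted one under a zero/non-zero encoding and under a generic fault-hardened encoding. All function names and the two constants are hypothetical, chosen for illustration; the hardened encoding is a common countermeasure, not the fix adopted by the project.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not OpenSSH code. */

/* Weak encoding: 0 = rejected, any non-zero value = accepted. */
static int accepted_weak(int authenticated) { return authenticated != 0; }

/* Hardened encoding: two constants that differ in all 32 bits; any
 * value other than AUTH_OK is treated as rejected. */
#define AUTH_OK   0x3CA5965AU
#define AUTH_FAIL 0xC35A69A5U
static int accepted_hardened(uint32_t state) { return state == AUTH_OK; }

/* How many of the 32 possible single-bit flips of the stored "rejected"
 * value (0) are read back as "accepted" under the weak encoding. */
int flips_accepted_weak(void) {
    int n = 0;
    for (int bit = 0; bit < 32; bit++)
        n += accepted_weak((int)(1U << bit));   /* 0 with one bit flipped */
    return n;
}

/* Same count for the hardened encoding, starting from AUTH_FAIL. */
int flips_accepted_hardened(void) {
    int n = 0;
    for (int bit = 0; bit < 32; bit++)
        n += accepted_hardened(AUTH_FAIL ^ (1U << bit));
    return n;
}

/* Number of bits that must change to turn one state into the other. */
int hamming_distance(uint32_t a, uint32_t b) {
    int d = 0;
    for (uint32_t x = a ^ b; x; x &= x - 1) d++;
    return d;
}

int main(void) {
    printf("weak:     %d/32 single-bit flips accepted\n", flips_accepted_weak());
    printf("hardened: %d/32 single-bit flips accepted\n", flips_accepted_hardened());
    printf("FAIL -> OK distance: %d bits\n", hamming_distance(AUTH_FAIL, AUTH_OK));
    return 0;
}
```

With the zero/non-zero encoding every single-bit fault in the stored value is read as success; with the hardened constants no single-bit fault is, because a fault would have to change every bit of the word.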