CVE-2023-51767
Public on 2023-12-24
Modified on 2024-02-09
Description
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
This attack relies on a hardware platform defect to demonstrate a theoretical vulnerability against OpenSSH. Given that this issue requires conditions that are impractical in a real-world environment, a fix will not be provided for Amazon Linux 2 and Amazon Linux 2023 at this time.
This attack relies on a hardware platform defect to demonstrate a theoretical vulnerability against OpenSSH. Given that this issue requires conditions that are impractical in a real-world environment, a fix will not be provided for Amazon Linux 2 and Amazon Linux 2023 at this time.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | openssh | No Fix Planned | ||
| Amazon Linux 2 - Core | openssh | No Fix Planned | ||
| Amazon Linux 2023 | openssh | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.8 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L |
| NVD | CVSSv3 | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |