CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
20.1%
OpenSSH through 9.6, when common types of DRAM are used, might allow row
hammer attacks (for authentication bypass) because the integer value of
authenticated in mm_answer_authpassword does not resist flips of a single
bit. NOTE: this is applicable to a certain threat model of attacker-victim
co-location in which the attacker has user privileges.
Author | Note |
---|---|
seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
mdeslaur | The researchers used a modified version of sshd to make this vulnerability easier to demonstrate. There is no indication the openssh package in Ubuntu can be exploited in the same way. The upstream OpenSSH developers have chosen to ignore this issue as this vulnerability isn’t exploitable in practice, and needs to be addressed by the hardware platform, not in OpenSSH itself. Since there is nothing actionable here for Ubuntu, I am marking this issue as ignored. |