CVE-2023-51767

High CVSS 7.0

Overview

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

CWE: N/A Published: 2023-12-24T07:15:07.410

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.0 (HIGH)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags