OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openssh | Openbsd | * | * |
| Openssh | Ubuntu | bionic | * |
| Openssh | Ubuntu | devel | * |
| Openssh | Ubuntu | esm-infra-legacy/trusty | * |
| Openssh | Ubuntu | esm-infra/bionic | * |
| Openssh | Ubuntu | esm-infra/focal | * |
| Openssh | Ubuntu | esm-infra/xenial | * |
| Openssh | Ubuntu | fips-updates/bionic | * |
| Openssh | Ubuntu | fips-updates/focal | * |
| Openssh | Ubuntu | fips-updates/xenial | * |
| Openssh | Ubuntu | fips/bionic | * |
| Openssh | Ubuntu | fips/focal | * |
| Openssh | Ubuntu | fips/xenial | * |
| Openssh | Ubuntu | focal | * |
| Openssh | Ubuntu | jammy | * |
| Openssh | Ubuntu | lunar | * |
| Openssh | Ubuntu | mantic | * |
| Openssh | Ubuntu | trusty | * |
| Openssh | Ubuntu | trusty/esm | * |
| Openssh | Ubuntu | xenial | * |
| Openssh-ssh1 | Ubuntu | bionic | * |
| Openssh-ssh1 | Ubuntu | devel | * |
| Openssh-ssh1 | Ubuntu | esm-apps/bionic | * |
| Openssh-ssh1 | Ubuntu | esm-apps/focal | * |
| Openssh-ssh1 | Ubuntu | esm-apps/jammy | * |
| Openssh-ssh1 | Ubuntu | focal | * |
| Openssh-ssh1 | Ubuntu | jammy | * |
| Openssh-ssh1 | Ubuntu | lunar | * |
| Openssh-ssh1 | Ubuntu | mantic | * |
| Openssh-ssh1 | Ubuntu | upstream | * |