OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states we do not consider it to be the applications responsibility to defend against platform architectural weaknesses.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssh | Openbsd | * | * |
Openssh | Ubuntu | bionic | * |
Openssh | Ubuntu | lunar | * |
Openssh | Ubuntu | trusty | * |
Openssh | Ubuntu | xenial | * |
Openssh-ssh1 | Ubuntu | bionic | * |
Openssh-ssh1 | Ubuntu | lunar | * |
Openssh-ssh1 | Ubuntu | upstream | * |