CVE-2023-51767

NameCVE-2023-51767
DescriptionOpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectural weaknesses."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Notes

https://arxiv.org/abs/2309.02545
Upstream does not consider CVE-2023-51767 a bug underlying in OpenSSH and
does not intent to address it in OpenSSH. To todays knowledge (2024-03-13)
it has not been demonstrated that the issue is exploitable in any real
software configuration. Was also filed as #1059393
https://www.openwall.com/lists/oss-security/2025/09/22/1
Search for package or bug name: Reporting problems