Description
OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectural weaknesses."
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- local
- Complexity
- high
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- NVD-CWE-Other
Metadata
- Primary Vendor
- OPENBSD
- Published
- 12/24/2023
- Last Modified
- 11/18/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
openbsd : opensshfedoraproject : fedoraredhat : enterprise_linuxredhat : enterprise_linux
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.