OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | 3.18-main | noarch | openssh | = 9.3_p2-r1 | UNKNOWN |
Alpine | 3.17-main | noarch | openssh | = 9.1_p1-r5 | UNKNOWN |
Alpine | 3.19-main | noarch | openssh | = 9.6_p1-r0 | UNKNOWN |
Alpine | 3.16-main | noarch | openssh | = 9.0_p1-r5 | UNKNOWN |
Alpine | edge-main | noarch | openssh | = 9.7_p1-r3 | UNKNOWN |
Alpine | 3.20-main | noarch | openssh | = 9.7_p1-r3 | UNKNOWN |