HammerSim: A System-Level Tool to Model RowHammer

Modern architecture research relies on simulators to evaluate system security, yet analyzing emerging hardware vulnerabilities like RowHammer requires full-system visibility. As RowHammer vulnerabilities worsen with continuous technology scaling, existing simulators lack the system-level models...

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2023-51767 DESCRIPTION: OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the...

Siemens SIMATIC Devices Improper Input Validation (CVE-2023-51767)

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the integer value of authenticated in mmanswerauthpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...

CLSA-2025-1761325294 Fix CVE(s): CVE-2021-23240, CVE-2023-42465, CVE-2025-32462

SECURITY UPDATE: privilege escalation via symlinks - debian/patches/CVE-2021-23240.patch: fix opportunity for local unprivileged user to gain file ownership via symlinks. SECURITY UPDATE: unauthorized commands execution on unintended hosts - debian/patches/CVE-2025-32462.patch: restrict user from...

EUVD-2015-3381

Malware in sbrugna...

Rubber Mallet: a Study of High Frequency Localized Bit Flips and Their Impact on Security

The increasing density of modern DRAM has heightened its vulnerability to Rowhammer attacks, which induce bit flips by repeatedly accessing specific memory rows. This paper presents an analysis of bit flip patterns generated by advanced Rowhammer techniques that bypass existing hardware defenses...

Linux Distros Unpatched Vulnerability : CVE-2023-51767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the integer value of authenticated in...

RHEL 8 : openssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: User enumeration via malformed packets in authentication requests CVE-2018-15919 - openssh:...

EulerOS 2.0 SP12 : sudo (EulerOS-SA-2024-1755)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on n...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2024-1755)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : sudo (EulerOS-SA-2024-1778)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on n...

EulerOS Virtualization 2.11.1 : sudo (EulerOS-SA-2024-1621)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic...

EulerOS Virtualization 2.11.0 : sudo (EulerOS-SA-2024-1640)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2024-1537)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.1 : sudo (EulerOS-SA-2024-1556)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic...

EulerOS Virtualization 2.10.0 : sudo (EulerOS-SA-2024-1537)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic...

SUSE SLES12 Security Update : sudo (SUSE-SU-2024:0890-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0890-1 advisory. - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is...

SUSE SLES15 Security Update : sudo (SUSE-SU-2024:0877-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0877-1 advisory. - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : sudo (SUSE-SU-2024:0876-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0876-1 advisory. - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation...

SUSE SLES15 Security Update : sudo (SUSE-SU-2024:0834-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0834-1 advisory. - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is...