Bug 3656 - How to fix row hammer attacks?
Summary: How to fix row hammer attacks?
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: -current
Hardware: All All
: P5 security
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-13 17:49 AEDT by renmingshuai
Modified: 2024-05-15 11:58 AEST (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description renmingshuai 2024-01-13 17:49:57 AEDT 
A new vulnerability (CVE-2023-51767) in openssh has been published, but there seems to be no fix yet. 
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51767
Comment 1 Damien Miller 2024-01-16 18:32:12 AEDT 
This attack was not demonstrated against stock OpenSSH, but instead against a modified sshd that had extra synchronisation added to make the attack easier. AFAIK achieving the timing required to successfully exploit is close to impossible in the real world. See section 9 of their paper https://arxiv.org/pdf/2309.02545.pdf

They don't mention it, but any kind of ASLR would increase the difficulty of attack by several orders of magnitude.

Nobody has demonstrated this attack against a configuration remotely approximating real-world conditions. We consider rowhammer mitigation to the job of the platform, not userspace software.
Comment 2 Clint.Clayton 2024-05-15 04:23:12 AEST 
This bug was set to resolved / fixed.

Was there a fix committed to the git repository?
I couldn't find one in https://anongit.mindrot.org/openssh.git/log
Comment 3 Damien Miller 2024-05-15 09:16:58 AEST 
No, see comment 1 here