oss-sec mailing list archives

Re: CVE-2023-51767: a bogus CVE in OpenSSH


From: Stuart D Gathman <stuart () gathman org>
Date: Mon, 22 Sep 2025 17:12:20 -0400 (EDT)

On Mon, 22 Sep 2025, Damien Miller wrote:

> It is based on this paper "Mayhem: Targeted Corruption of Register and
> Stack Variables" by Adiletta, et al.
> https://arxiv.org/pdf/2309.02545

> Firstly, we do not consider it to be the application's responsibility
> to defend against platform architectural weaknesses. We're happy
> to adopt platform measures (e.g. toolchain defences) where it is
> possible to do so, but fundamentally it is the platform's job to

Amen.  Plus, some of us prefer slower and reliable to fast and fragile.

Question: is this attack mitigated by ECC RAM? (It seems to be a weak RAM issue.) The paper says no: "Further, [8] showed that ECC, a
hardware-enabled error checking built into many memory devices, can also
be bypassed."

Question: will this vulnerability be incorporated in MEMTEST86?

> Unfortunately, at no stage of the CVE issuance process was OpenSSH
> contacted about this advisory either. This seems pretty suboptimal as
> a process.

> Posting this for the record and in the hope that someone will help
> get the CVE disputed.

I have no clue how to help.  But will do so if informed.
