oss-sec mailing list archives

Re: CVE-2023-51767: a bogus CVE in OpenSSH


From: Pedro Sampaio <psampaio () redhat com>
Date: Mon, 22 Sep 2025 23:18:02 -0300

Hello Damien,

Red Hat CNA can help you with that.

Please send us a message at rootcna-coordination () redhat com.

We can guide you through the process and answer any questions you might
have. Feel free to copy anyone you'd like too.

Regards,

On Mon, Sep 22, 2025 at 7:53 PM Stuart D Gathman <stuart () gathman org> wrote:

On Mon, 22 Sep 2025, Damien Miller wrote:

It is based on this paper "Mayhem: Targeted Corruption of Register and
Stack Variables" by Adiletta, et al.
https://arxiv.org/pdf/2309.02545

Firstly, we do not consider it to be the application's responsibility
to defend against platform architectural weaknesses. We're happy
to adopt platform measures (e.g. toolchain defences) where it is
possible to do so, but fundamentally it is the platform's job to

Amen.  Plus, some of us prefer slower and reliable to fast and fragile.

Question: is this attack mitigated by ECC RAM?  (It seems to be a weak
RAM issue.)  The paper says no: "Further, [8] showed that ECC, a
hardware-enabled error checking built into many memory devices, can also
be bypassed."

Question: will this vulnerability be incorporated in MEMTEST86?

Unfortunately, at no stage of the CVE issuance process was OpenSSH
contacted about this advisory either. This seems pretty suboptimal as
a process.

Posting this for the record and in the hope that someone will help
get the CVE disputed.

I have no clue how to help.  But will do so if informed.



-- 
Pedro Sampaio | Red Hat Product Security
851525C5A98E9DEB7E650ABDFAC8296FBC674B8F
