oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH

From: Peter Gutmann <pgut001 () cs auckland ac nz>
Date: Sat, 27 Sep 2025 06:28:54 +0000
Jacob Bachmeyer <jcb62281 () gmail com> writes:


I am somewhat skeptical about this, simply because there have been many
"proper solutions" to Rowhammer that have thus far failed.


It depends on what you mean by "failed".  Rowhammer is an attack that no
(real-life) attacker has ever used, and no real-life attacker will ever use,
because there are about, oh, six million much easier ways to get what you
want.  So while a theoretical defence has failed against a theoretical attack,
in practice nothing of value has been lost.

(Not saying that it's not a cool attack, just that it's not one we have to
worry about.  What we do have to worry about is phishing, buffer overflows,
SQL and more generally script injection, supply-chain attacks, it's a long list).

Peter.
Previous By Date Next
Previous By Thread Next

Current thread: