Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 3656] How to fix row hammer attacks?
bugzilla-daemon at mindrot
Jan 15, 2024, 11:32 PM
Post #1 of 1 (37 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3656

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org

--- Comment #1 from Damien Miller <djm@mindrot.org> ---
This attack was not demonstrated against stock OpenSSH, but instead
against a modified sshd that had extra synchronisation added to make
the attack easier. AFAIK achieving the timing required to successfully
exploit is close to impossible in the real world. See section 9 of
their paper https://arxiv.org/pdf/2309.02545.pdf

They don't mention it, but any kind of ASLR would increase the
difficulty of attack by several orders of magnitude.

Nobody has demonstrated this attack against a configuration remotely
approximating real-world conditions. We consider rowhammer mitigation
to the job of the platform, not userspace software.

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal