[Bug 3656] How to fix row hammer attacks?

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jan 16 18:32:12 AEDT 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3656

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This attack was not demonstrated against stock OpenSSH, but instead
against a modified sshd that had extra synchronisation added to make
the attack easier. AFAIK achieving the timing required to successfully
exploit is close to impossible in the real world. See section 9 of
their paper https://arxiv.org/pdf/2309.02545.pdf

They don't mention it, but any kind of ASLR would increase the
difficulty of attack by several orders of magnitude.

Nobody has demonstrated this attack against a configuration remotely
approximating real-world conditions. We consider rowhammer mitigation
to the job of the platform, not userspace software.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list