[Bug 3656] How to fix row hammer attacks?
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Jan 16 18:32:12 AEDT 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3656
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This attack was not demonstrated against stock OpenSSH, but instead
against a modified sshd that had extra synchronisation added to make
the attack easier. AFAIK achieving the timing required to successfully
exploit is close to impossible in the real world. See section 9 of
their paper https://arxiv.org/pdf/2309.02545.pdf
They don't mention it, but any kind of ASLR would increase the
difficulty of attack by several orders of magnitude.
Nobody has demonstrated this attack against a configuration remotely
approximating real-world conditions. We consider rowhammer mitigation
to the job of the platform, not userspace software.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list