https://bugzilla.mindrot.org/show_bug.cgi?id=3656
Damien Miller <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from Damien Miller <[email protected]> --- This attack was not demonstrated against stock OpenSSH, but instead against a modified sshd that had extra synchronisation added to make the attack easier. AFAIK achieving the timing required to successfully exploit is close to impossible in the real world. See section 9 of their paper https://arxiv.org/pdf/2309.02545.pdf They don't mention it, but any kind of ASLR would increase the difficulty of attack by several orders of magnitude. Nobody has demonstrated this attack against a configuration remotely approximating real-world conditions. We consider rowhammer mitigation to the job of the platform, not userspace software. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
