Hello Damien, Red Hat CNA can help you with that.
Please send us a message at [email protected]. We can guide you through the process and answer any questions you might have. Feel free to copy anyone you'd like too. Regards, On Mon, Sep 22, 2025 at 7:53 PM Stuart D Gathman <[email protected]> wrote: > On Mon, 22 Sep 2025, Damien Miller wrote: > > > It is based on this paper "Mayhem: Targeted Corruption of Register and > > Stack Variables" by Adiletta, et al. > > https://arxiv.org/pdf/2309.02545 > > > > Firstly, we do not consider it to be the application's responsibility > > to defend against platform achitectural weaknesses. We're happy > > to adopt platform measures (e.g. toolchain defences) where it is > > possible to do so, but fundamentally it is the platform's job to > > Amen. Plus, some of us prefer slower and reliable to fast and fragile > > Question: is this attack mitigated by ECC ram? (It seems to be a weak > RAM issue.) The paper say no: "Further, [8] showed that ECC, a > hardware-enabled error checking built into many memory devices, can also > be bypassed." > > Question: will this vulnerability be incorporated in MEMTEST86? > > > Unfortunately, at no stage of the CVE issuance process was OpenSSH > > contacted about this advisory either. This seems pretty suboptimal as > > a process. > > > > Posting this for the record and in the hope that someone will help > > get the CVE disputed. > > I have no clue how to help. But will do so if informed. > > -- Pedro Sampaio | Red Hat Product Security 851525C5A98E9DEB7E650ABDFAC8296FBC674B8F
