CVE-2023-51767

7.0 HIGH

📋 TL;DR

This CVE describes a potential row hammer attack vulnerability in OpenSSH that could allow authentication bypass. An attacker with physical access to the same hardware could flip bits in memory to bypass SSH authentication. This affects OpenSSH versions through 10.0 when running on systems with susceptible DRAM.

💻 Affected Systems

Products:
  • OpenSSH
Versions: through 10.0
Operating Systems: All operating systems running affected OpenSSH versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only exploitable with specific DRAM types susceptible to row hammer attacks and requires attacker-victim co-location

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete SSH authentication bypass allowing unauthorized access to systems

🟠 Likely Case: Limited impact requiring physical co-location and specific hardware conditions

🟢 If Mitigated: Minimal impact with proper physical security and hardware protections

🌐 Internet-Facing: LOW - Requires physical access to hardware
🏢 Internal Only: MEDIUM - Requires attacker with physical access to same hardware

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires physical access to hardware, specific DRAM types, and precise timing conditions

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not applicable - disputed by OpenSSH maintainers

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2255850

Restart Required: No

Instructions:

No official patch is available, because the OpenSSH maintainers dispute that this is an application-level vulnerability (they consider it a hardware issue).

🔧 Temporary Workarounds

Hardware-based mitigation (all platforms): Use ECC memory or DRAM less susceptible to row hammer attacks

Physical security controls (all platforms): Implement strict physical access controls to prevent co-location attacks

🧯 If You Can't Patch

  • Implement strict physical security controls to prevent unauthorized hardware access
  • Use hardware with ECC memory or row hammer-resistant DRAM

🔍 How to Verify

Check if Vulnerable:

Check the OpenSSH version with 'ssh -V' and confirm whether it is 10.0 or earlier

Check Version:

ssh -V 2>&1 | grep -o 'OpenSSH_[0-9.]*'

Verify Fix Applied:

No fix available to verify - focus on hardware and physical security controls

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns from unexpected physical locations

Network Indicators:

  • None - this is a physical hardware attack

SIEM Query:

Search for SSH authentication failures followed by successful logins from same physical location
