Message-ID:
 <ME0P300MB0713919015F954023D6D63FAEE1CA@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM>
Date: Wed, 24 Sep 2025 11:45:23 +0000
From: Peter Gutmann <pgut001@...auckland.ac.nz>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
	"Adiletta, Andrew" <ajadiletta@....edu>, Solar Designer <solar@...nwall.com>,
	"jcb62281@...il.com" <jcb62281@...il.com>
CC: "openssh@...nssh.com" <openssh@...nssh.com>, "Tol, Caner" <mtol@....edu>,
	"Sunar, Berk" <sunar@....edu>, "Doroz, Yarkin" <ydoroz@....edu>, "Todd C.
 Miller" <Todd.Miller@...rtesan.com>
Subject: Re: Re: [EXT] Re: CVE-2023-51767: a
 bogus CVE in OpenSSH

Jacob Bachmeyer <jcb62281@...il.com> writes:

>The critical issue for exploiting Rowhammer to corrupt spilled register
>values seems to be how long those spilled values remain live in DRAM before
>they are reloaded into the register file and ultimately used.

It also depends on whether they're ever actually read back from RAM or just
end up sitting in cache for a microsecond or two before they're re-fetched
from there.  There are some attacks that exploit the difference between
(glitched) data in RAM and data in cache, but in this case it'd mitigate
Rowhammer by having the corrupted data in RAM ignored if it's still in cache.

Peter.
