Delphix

TB116 Delphix Not Vulnerable to CVE-2023-51767 Rowhammer Attack

Alert Type: Security

Impact

Delphix Severity: None

NVD CVSS v3.1 Score: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Delphix CVSS 3.1 Score: 0.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N

CVE-2023-51767 is a recently identified specific case of the Rowhammer class of attacks on hardware memory and has the potential to impact all versions of OpenSSH to date. 

Based on Delphix and industry analysis there is no practical path to exploitation of this vulnerability on any applicable Delphix products (i.e. products that contain OpenSSH) for the following reasons:

  • An attack is only viable under carefully controlled laboratory conditions.

  • An attack relies on code changes to OpenSSH that are not present in any shipping versions of the software.

  • An attack relies on being launched from within the same OS/VM as the victim sshd process.

Delphix products do not meet any of the required conditions for the described attack to be viable.

Impact Analysis

There is no evidence of this attack being deployed in the wild, or even executed outside of carefully crafted laboratory conditions: the attack has not been demonstrated on any currently shipping version of OpenSSH. To achieve a successful proof of concept of the attack on OpenSSH, the researchers controlled multiple variables that would not be practical for an attacker to control in real-world circumstances, including compiling a special version of OpenSSH specifically modified to facilitate the attack. As the lead of the portable OpenSSH project, Damien Miller, observed in the relevant OpenSSH bugtracker:

“This attack was not demonstrated against stock OpenSSH, but instead against a modified sshd that had extra synchronisation added to make the attack easier… Nobody has demonstrated this attack against a configuration remotely approximating real-world conditions. We consider rowhammer mitigation to the job of the platform, not userspace software.”

In the laboratory conditions discussed by the researchers (section 9.1: https://arxiv.org/pdf/2309.02545.pdf), several modifications were made to the SSH daemon in order to make the attack easier to execute, commodity consumer hardware that lacks Error Correction Code (ECC) memory was used, and the attacker had access to the same operating system that the victim process was running in. The attack technique was not demonstrated on any bare-metal Type 1 hypervisors such as Xen or vSphere that are used in enterprise and public clouds. Execution in real-world conditions is expected to be exceedingly challenging and likely impractical. Because an attacker cannot realistically control the same variables the researchers did, the real-world implications of this attack technique appear to be significantly less than the NVD summary and CVSS Base Score imply.

Background

Rowhammer is a class of attacks that can be performed against many modern computer systems. It involves repeatedly issuing memory requests to a single area of memory, eventually causing nearby memory areas to be adversely affected. In the case of this CVE, this effect is intended to target the SSH authentication process. The value that stores whether password authentication was successful could be affected by Rowhammer, causing the SSH daemon to believe that the authentication process was successful, regardless of the provided password.
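The following is an added illustration, not OpenSSH's own code, of why a single authentication flag is sensitive to the bit flips described above. It models a one-bit memory fault against two encodings of an "authenticated" result: a conventional zero/non-zero flag, and a sentinel encoding (the AUTH_OK and AUTH_FAIL constants are hypothetical values chosen for this example) in which every bit of the stored word must change before a failure reads as a success.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example (not OpenSSH code): the effect of a single flipped bit on
 * two encodings of an authentication result.
 * AUTH_OK / AUTH_FAIL are hypothetical constants chosen for this example.
 */

/* Conventional flag: 0 = not authenticated, anything non-zero = authenticated. */
static bool boolean_flag_accepts(uint32_t authenticated)
{
    return authenticated != 0;
}

/* Hardened flag: only one exact 32-bit sentinel means "authenticated".
 * AUTH_FAIL is the bitwise complement of AUTH_OK, so all 32 bits of the
 * stored word must change before a failure reads as a success. */
#define AUTH_OK   0x5A5AA5A5u
#define AUTH_FAIL 0xA5A55A5Au

static bool sentinel_flag_accepts(uint32_t authenticated)
{
    return authenticated == AUTH_OK;
}

/* Model a single-bit memory fault at position `bit` (0..31). */
static uint32_t flip_bit(uint32_t word, unsigned bit)
{
    return word ^ (1u << (bit & 31u));
}

/* Number of the 32 possible single-bit faults on a "failed" boolean flag
 * (value 0) that the boolean check then accepts as authenticated. */
unsigned boolean_flag_single_flip_successes(void)
{
    unsigned hits = 0;
    for (unsigned bit = 0; bit < 32; bit++)
        if (boolean_flag_accepts(flip_bit(0u, bit)))
            hits++;
    return hits;   /* 32: every single-bit fault grants access */
}

/* Same experiment against the sentinel encoding, starting from AUTH_FAIL. */
unsigned sentinel_flag_single_flip_successes(void)
{
    unsigned hits = 0;
    for (unsigned bit = 0; bit < 32; bit++)
        if (sentinel_flag_accepts(flip_bit(AUTH_FAIL, bit)))
            hits++;
    return hits;   /* 0: no single-bit fault reaches AUTH_OK */
}

/* Hamming distance between the two sentinel values: how many bits would
 * have to flip at once to turn a stored failure into a success. */
unsigned sentinel_min_flips_to_success(void)
{
    uint32_t diff = AUTH_OK ^ AUTH_FAIL;
    unsigned count = 0;
    while (diff) {
        count += diff & 1u;
        diff >>= 1;
    }
    return count;   /* 32 */
}

int main(void)
{
    printf("boolean flag:  %u of 32 single-bit faults accepted\n",
           boolean_flag_single_flip_successes());
    printf("sentinel flag: %u of 32 single-bit faults accepted "
           "(at least %u bits must flip)\n",
           sentinel_flag_single_flip_successes(),
           sentinel_min_flips_to_success());
    return 0;
}
```

The sentinel pattern only hardens the one word it encodes; Rowhammer can disturb any nearby cell, including code and other data, which is why the advisory (and the OpenSSH maintainers quoted above) treat Rowhammer mitigation as a platform and hardware responsibility rather than something userspace software can fully solve.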

Affected Products and Versions 

None

Note: some commercial vulnerability scanners are incorrectly reporting that this issue is fixed in OpenSSH 9.6. This is not correct, and customers should open a support case with the relevant vendor to get the detection logic corrected.

Mitigation 

No mitigation is necessary for CVE-2023-51767. Customers may choose to apply known industry Rowhammer mitigations to underlying Hypervisor or hardware at their discretion.

The following guidance is generally recognized to reduce the likelihood of abuse of Rowhammer:

  1. Deploy sensitive workloads on non-shared hardware, or within shared zones designed to reduce potential exposure
    The attack requires that software be executed on the same physical hardware as Delphix’s appliance. Deploying the appliance on non-shared hardware or on hardware only shared with other trusted workloads prevents the attack from occurring.

  2. Deploy sensitive workloads on hardware and/or hypervisors with Rowhammer mitigation
    Some modern processors and memory modules have a number of features that mitigate Rowhammer, making it harder, if not impossible, to exploit. Examples of these features include Targeted Row Refresh (TRR) in DDR4 memory modules, pseudo-TRR on Ivy Bridge and newer Intel processors, Error Correcting Code (ECC) RAM, and hardware-assisted virtualization. If these features are available, activating them will reduce the likelihood of the attack being executed.

Delphix recommends that customers employ existing known mitigations to Rowhammer class attacks, including using modern server class hardware with ECC RAM, hypervisor platforms with Rowhammer mitigations implemented, and employing workload placement techniques to ensure that workloads that might be most sensitive to Rowhammer attacks do not share underlying hardware with workloads that may become attacker controlled. Enterprise and public clouds have options to control hardware placement of workloads.
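One concrete check for the ECC recommendation in item 2 above, as an added example that is not Delphix tooling: the SMBIOS Physical Memory Array (DMI type 16) that `dmidecode -t memory` prints carries an "Error Correction Type" field. The program below classifies that field, so it can be run as `sudo dmidecode -t memory | ./ecc_check` on a host. The two SAMPLE_* strings are constructed stand-ins for dmidecode output, included so the example runs offline.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example (not Delphix tooling): classify a host's memory array from
 * the "Error Correction Type" field of `dmidecode -t memory` output
 * (SMBIOS Physical Memory Array, DMI type 16). Usage on a host:
 *   sudo dmidecode -t memory | ./ecc_check
 * SAMPLE_NO_ECC and SAMPLE_ECC are constructed stand-ins for that output.
 */

typedef enum {
    ECC_UNKNOWN = 0,   /* field absent or reported as Unknown */
    ECC_NONE,          /* "None": no error correction at all */
    ECC_PRESENT,       /* "Single-bit ECC" or "Multi-bit ECC" */
    ECC_OTHER          /* Parity, CRC, Other */
} ecc_class_t;

/* Constructed sample: consumer-style board without ECC. */
const char SAMPLE_NO_ECC[] =
    "Handle 0x0010, DMI type 16, 23 bytes\n"
    "Physical Memory Array\n"
    "\tLocation: System Board Or Motherboard\n"
    "\tUse: System Memory\n"
    "\tError Correction Type: None\n"
    "\tMaximum Capacity: 64 GB\n";

/* Constructed sample: server-class board with ECC. */
const char SAMPLE_ECC[] =
    "Handle 0x0010, DMI type 16, 23 bytes\n"
    "Physical Memory Array\n"
    "\tLocation: System Board Or Motherboard\n"
    "\tUse: System Memory\n"
    "\tError Correction Type: Multi-bit ECC\n"
    "\tMaximum Capacity: 512 GB\n";

/* Classify the first "Error Correction Type:" line found in `text`. */
ecc_class_t ecc_class(const char *text)
{
    static const char key[] = "Error Correction Type:";
    const char *p = strstr(text, key);
    if (p == NULL)
        return ECC_UNKNOWN;
    p += sizeof key - 1;
    while (*p == ' ' || *p == '\t')
        p++;
    size_t len = strcspn(p, "\r\n");        /* value runs to end of line */
    if (len == 0 || (len == 7 && strncmp(p, "Unknown", 7) == 0))
        return ECC_UNKNOWN;
    if (len == 4 && strncmp(p, "None", 4) == 0)
        return ECC_NONE;
    for (size_t i = 0; i + 3 <= len; i++)   /* "ECC" anywhere in the value */
        if (strncmp(p + i, "ECC", 3) == 0)
            return ECC_PRESENT;
    return ECC_OTHER;
}

const char *ecc_class_name(ecc_class_t c)
{
    switch (c) {
    case ECC_NONE:    return "no error correction: ECC Rowhammer mitigation absent";
    case ECC_PRESENT: return "ECC memory present";
    case ECC_OTHER:   return "non-ECC correction type (parity/CRC/other)";
    default:          return "could not determine (run as root; check DMI support)";
    }
}

int main(void)
{
    static char buf[1 << 16];
    size_t n = fread(buf, 1, sizeof buf - 1, stdin);
    buf[n] = '\0';
    ecc_class_t c = ecc_class(buf);
    printf("%s\n", ecc_class_name(c));
    return c == ECC_PRESENT ? 0 : 1;     /* non-zero exit: review placement */
}
```

Run this on the physical host or hypervisor, not inside a guest: a virtual machine's DMI tables describe the virtual platform, so the result there says nothing about the underlying modules. It covers only the ECC item in the guidance; TRR and hypervisor-level mitigations are properties of the memory modules and platform firmware that this field does not report.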

At this time there is no patch available for OpenSSH on any operating system. Delphix routinely incorporates the latest available security fixes into new Delphix releases; if a patch becomes available, Delphix will include it in a subsequent release. However, the evaluation of this CVE on the OpenSSH bugtracker suggests that there is little likelihood of this CVE receiving a patch.

Resolution 

This issue is resolved as not applicable / no impact to Delphix products.