OpenSSH Pre-Auth Double-Free Vulnerability: Patch It
OpenSSH version 9.2 has been released to address several security bugs, including a memory safety vulnerability in the OpenSSH server (sshd).
The memory safety bug, tracked as CVE-2023-25136, has been classified as a pre-authentication double-free vulnerability that was introduced in version 9.1.
OpenSSH is the open-source implementation of the secure shell (SSH) protocol that offers a suite of services for encrypted communications over an unsecured network in a client-server architecture.
As per the release notes, “This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot and is further sandboxed on most major platforms.”
The exposure occurs in the chunk of memory freed twice, ‘options.kex_algorithms’, and the issue results in a “double free in the unprivileged sshd process.”
Double-free flaws arise when a vulnerable piece of code calls the free() function, which is used to deallocate memory blocks, twice on the same block. This leads to memory corruption, which in turn could lead to a crash or execution of arbitrary code.
Since the protective measures put in place by modern memory allocators and the robust privilege separation and sandboxing implemented in the impacted sshd process.
Users are recommended to update to OpenSSH 9.2 to mitigate potential security threats.
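To find which hosts still need the update, server identification banners (for example `SSH-2.0-OpenSSH_9.1`) or `ssh -V` output can be triaged against the 9.1/9.2 boundary given above. The following is an added example, not code from the OpenSSH project or its release notes; the host names, banner strings and function names are constructed for illustration.

```python
import re

# Per the article: the double free was introduced in 9.1 and fixed in 9.2.
INTRODUCED = (9, 1)
FIXED = (9, 2)

# Matches "OpenSSH_9.1", "OpenSSH_9.1p1" and protocol banners such as
# "SSH-2.0-OpenSSH_9.1p1 Debian-2". The portable suffix (pN) is ignored.
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p\d+)?")


def classify(banner: str) -> str:
    """Place one version string relative to the CVE-2023-25136 range."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return "unknown"  # not OpenSSH, or a banner format we do not parse
    version = (int(match.group(1)), int(match.group(2)))
    if version < INTRODUCED:
        return "predates-bug"
    if version < FIXED:
        # Upstream 9.1 is affected. Vendor packages may carry a backported
        # fix without changing this string, so confirm in the changelog.
        return "affected-range"
    return "fixed"


def triage(banners: dict) -> dict:
    """Group host names by classification; each group is sorted."""
    groups = {}
    for host, banner in banners.items():
        groups.setdefault(classify(banner), []).append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_BANNERS = {
    "bastion-1": "SSH-2.0-OpenSSH_9.1",
    "build-7": "OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022",
    "db-2": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1",
    "edge-4": "SSH-2.0-OpenSSH_9.2",
    "legacy-9": "SSH-2.0-dropbear_2022.83",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_BANNERS).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `affected-range` are the ones to prioritise for the 9.2 update; `unknown` entries need a manual look because the version could not be read from the banner.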