It seems that this flaw is not practically exploitable; the leak of host private key material to the privilege-separated child processes is theoretical. No such leak was observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users. Because of this restriction on successful exploitation, this issue has been rated as having Low security impact. A future update may address this flaw.
CVSS v2 metrics
CVSS v3 metrics
| Metric | Value |
|---|---|
| CVSS3 Base Score | 2.5 |
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (openssh) | RHSA-2017:2029 | 2017-08-01 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | openssh | Will not fix |
| Red Hat Enterprise Linux 5 | openssh | Will not fix |
| Red Hat Enterprise Linux 4 | openssh | Will not fix |