What is CVE-2024-6387?

A signal handler race condition in OpenSSH's server (sshd) allows unauthenticated remote code execution as root on glibc-based Linux systems. Affects OpenSSH 8.5p1–9.7p1.

How do I fix CVE-2024-6387?

Upgrade OpenSSH to 9.8p1 or later immediately. Restrict SSH access via firewall: allow only trusted IPs on port 22. Enable fail2ban or equivalent rate-limiting to slow exploitation attempts. Set LoginGraceTime 0 in sshd_config as a temporary workaround (disables grace period). Audit SSH server logs for exploitation attempts (look for connection floods). Consider moving SSH to a non-standard port or VPN-only access (Tailscale, WireGuard).

Which versions are affected by CVE-2024-6387?

Affected: OpenSSH 8.5p1 – 9.7p1 (glibc Linux). Fixed in: OpenSSH 9.8p1+.

criticalCVSS 8.1/10·Published: 2024-07-01·OpenSSH

How to fix CVE-2024-6387 – Step-by-Step Guide

CVE-2024-6387, dubbed 'OpenSSH regreSSHion,' is a critical vulnerability affecting OpenSSH servers. This flaw enables unauthenticated remote code execution (RCE) as root, posing a severe threat to glibc-based Linux systems. Immediate action is required to protect your infrastructure.

CVE ID

CVE-2024-6387

Severity

CRITICAL

CVSS Score

8.1/10

Affected

OpenSSH

What is OpenSSH regreSSHion – Unauthenticated RCE?

CVE-2024-6387 stems from a signal handler race condition within OpenSSH's server (sshd). This vulnerability allows an attacker to execute arbitrary code on the target system without any prior authentication. Specifically, it affects OpenSSH versions 8.5p1 through 9.7p1 running on glibc-based Linux distributions, leading to root-level compromise.

Affected Versions

OpenSSH 8.5p1 – 9.7p1 (glibc Linux)

Fixed In

OpenSSH 9.8p1+

Official References

Impact and Risks for your Infrastructure

Successful exploitation of CVE-2024-6387 results in a full root compromise of the affected SSH server. An attacker gains complete, unauthenticated control over the system, allowing for data exfiltration, service disruption, or further network penetration. This critical flaw can lead to significant business disruption and data breaches.

opensshrcecriticallinux2024

Step-by-Step Mitigation Guide

To mitigate CVE-2024-6387, immediately upgrade your OpenSSH installation to version 9.8p1 or newer. Verify the update by checking your OpenSSH version (`ssh -V`) and restarting the sshd service. Ensure your system is running the patched version to eliminate the RCE risk.

1Upgrade OpenSSH to 9.8p1 or later immediately.
2Restrict SSH access via firewall: allow only trusted IPs on port 22.
3Enable fail2ban or equivalent rate-limiting to slow exploitation attempts.
4Set LoginGraceTime 0 in sshd_config as a temporary workaround (disables grace period).
5Audit SSH server logs for exploitation attempts (look for connection floods).
6Consider moving SSH to a non-standard port or VPN-only access (Tailscale, WireGuard).

Frequently Asked Questions

What is the CVSS score for CVE-2024-6387?▼

CVE-2024-6387 has a CVSS score of 8.1/10 (critical severity). This reflects the most severe potential impact, requiring immediate remediation.

Which versions of OpenSSH are affected?▼

Affected: OpenSSH 8.5p1 – 9.7p1 (glibc Linux). The vulnerability was fixed in: OpenSSH 9.8p1+.

How long does it take to fix CVE-2024-6387?▼

For most teams: 15–60 minutes to apply the patch, plus 15 minutes of post-patch verification. Complex multi-service environments may require 2–4 hours including staging validation.

Is CVE-2024-6387 being actively exploited?▼

Check the NVD entry and CISA KEV catalog for exploitation status. As a critical-severity vulnerability, treat it as a priority remediation regardless of known exploitation status.

Run Security Check →Browse Runbooks →← All CVE Solutions

This CVE fix guide is based on publicly available security advisories (NVD, vendor bulletins). Always test changes in a staging environment before applying to production. Verify against the official vendor advisory for the most up-to-date guidance.