6.5

CVE-2023-6240

Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version-
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.97% 0.572
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.2 4.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
secalert@redhat.com 6.5 2.2 4.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

https://access.redhat.com/errata/RHSA-2024:2758
https://people.redhat.com/~hkario/marvin/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3618
https://access.redhat.com/errata/RHSA-2024:3627
https://access.redhat.com/errata/RHSA-2024:1881
https://access.redhat.com/errata/RHSA-2024:1882
https://access.redhat.com/errata/RHSA-2024:3414
https://access.redhat.com/errata/RHSA-2024:3421
https://access.redhat.com/security/cve/CVE-2023-6240
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2250843
Issue Tracking
https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/
Technical Description
https://security.netapp.com/advisory/ntap-20240628-0002/