A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:1881 | |
https://access.redhat.com/errata/RHSA-2024:1882 | |
https://access.redhat.com/security/cve/CVE-2023-6240 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2250843 | Issue Tracking |
https://people.redhat.com/~hkario/marvin/ | Third Party Advisory |
https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/ | Technical Description |
Configurations
History
18 Apr 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Mar 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
21 Mar 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-327 |
15 Feb 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
13 Feb 2024, 00:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/security/cve/CVE-2023-6240 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2250843 - Issue Tracking | |
References | () https://people.redhat.com/~hkario/marvin/ - Third Party Advisory | |
References | () https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/ - Technical Description | |
CPE | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
First Time |
Redhat enterprise Linux
Linux linux Kernel Linux Redhat |
|
CWE | CWE-203 | |
Summary |
|
04 Feb 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-04 14:15
Updated : 2024-04-18 04:15
NVD link : CVE-2023-6240
Mitre link : CVE-2023-6240
CVE.ORG link : CVE-2023-6240
JSON object : View
Products Affected
linux
- linux_kernel
redhat
- enterprise_linux
CWE
CWE-203
Observable Discrepancy