Linux Kernel Vulnerability Exposes RSA Decryption Operation to Side-Channel Leakage
CVE-2023-6240

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.0 Extended Update Support; Red Hat Enterprise Linux 9.2 Extended Update Support
Vendor: CVE Published:; 4 February 2024

What is CVE-2023-6240?

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.

Affected Version(s)

Red Hat Enterprise Linux 8 0:4.18.0-553.5.1.rt7.346.el8_10

Red Hat Enterprise Linux 8 0:4.18.0-553.5.1.el8_10

Red Hat Enterprise Linux 9 0:5.14.0-427.16.1.el9_4

References

https://access.redhat.com/errata/RHSA-2024:1881

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:1882

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:2758

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2024
Vulnerability Reserved
Nov 21, 2023