CVE-2023-6240 — Observable Discrepancy in Redhat Enterprise Linux

CWE-203 — Observable Discrepancy CWE-327 — Use of a Broken or Risky Cryptographic Algorithm CWE-402 — Resource Leak7 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 79.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux

Timeline

PublishedFeb 4

Description

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 2.2 | Impact: 4.2

Affected Packages0 packages

Also affects: Enterprise Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

OSV

CVE-2023-6240: A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel↗2024-02-04

▶

GHSA

GHSA-5gvr-285q-pwc3: A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel↗2024-02-04

▶

CVEList

Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation↗2024-02-04

▶

📋Vendor Advisories

Red Hat

kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation↗2023-09-25

▶

Debian

CVE-2023-6240: linux - A Marvin vulnerability side-channel leakage was found in the RSA decryption oper...↗2023

▶

💬Community

Bugzilla

CVE-2023-6240 kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation↗2023-11-21

▶