CVE-2023-6240

Summary

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 80:4.18.0-553.5.1.rt7.346.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 80:4.18.0-553.5.1.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 90:5.14.0-427.16.1.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 90:5.14.0-427.16.1.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support0:5.14.0-70.101.1.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support0:5.14.0-70.101.1.rt21.173.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:5.14.0-284.62.1.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:5.14.0-284.62.1.rt14.347.el9_2 < *unaffected

Weaknesses

  • CWE-203: Observable Discrepancy

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References