CVE-2023-6240

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6240
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:1881
https://access.redhat.com/errata/RHSA-2024:1882
https://access.redhat.com/errata/RHSA-2024:2758
https://access.redhat.com/errata/RHSA-2024:3414
https://access.redhat.com/errata/RHSA-2024:3421
https://access.redhat.com/errata/RHSA-2024:3618
https://access.redhat.com/errata/RHSA-2024:3627
https://access.redhat.com/security/cve/CVE-2023-6240 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2250843 Issue Tracking
https://people.redhat.com/~hkario/marvin/ Third Party Advisory
https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/ Technical Description
https://access.redhat.com/errata/RHSA-2024:1881
https://access.redhat.com/errata/RHSA-2024:1882
https://access.redhat.com/errata/RHSA-2024:2758
https://access.redhat.com/errata/RHSA-2024:3414
https://access.redhat.com/errata/RHSA-2024:3421
https://access.redhat.com/errata/RHSA-2024:3618
https://access.redhat.com/errata/RHSA-2024:3627
https://access.redhat.com/security/cve/CVE-2023-6240 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2250843 Issue Tracking
https://people.redhat.com/~hkario/marvin/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240628-0002/
https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/ Technical Description
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-02-04 14:15

Updated : 2024-11-21 08:43

NVD link : CVE-2023-6240

Mitre link : CVE-2023-6240

CVE.ORG link : CVE-2023-6240

JSON object : View

Products Affected

linux

  • linux_kernel

redhat

  • enterprise_linux
CWE
CWE-203

Observable Discrepancy