Vulnerability Details: CVE-2023-6240
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.
Products affected by CVE-2023-6240
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6240
- 0.15%: probability of exploitation activity in the next 30 days
- ~52%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6240
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N | 2.2 | 4.2 | NIST | 2024-02-13 |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N | 2.2 | 4.2 | Red Hat, Inc. | 2024-02-04 |
CWE ids for CVE-2023-6240
- The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. Assigned by:
  - nvd@nist.gov (Secondary)
  - secalert@redhat.com (Primary)
- The product uses a broken or risky cryptographic algorithm or protocol. Assigned by: secalert@redhat.com (Primary)
- The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product. Assigned by: secalert@redhat.com (Secondary)
References for CVE-2023-6240
- https://access.redhat.com/errata/RHSA-2024:3414
  RHSA-2024:3414 - Security Advisory - Red Hat Customer Portal
- https://security.netapp.com/advisory/ntap-20240628-0002/
  CVE-2023-6240 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security
- https://access.redhat.com/errata/RHSA-2024:2758
  RHSA-2024:2758 - Security Advisory - Red Hat Customer Portal
- https://people.redhat.com/~hkario/marvin/
  The Marvin Attack (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:1882
  RHSA-2024:1882 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2024:3618
  RHSA-2024:3618 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2024:3421
  RHSA-2024:3421 - Security Advisory - Red Hat Customer Portal
- https://bugzilla.redhat.com/show_bug.cgi?id=2250843
  2250843 – (CVE-2023-6240) CVE-2023-6240 kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (Issue Tracking)
- https://access.redhat.com/security/cve/CVE-2023-6240
  CVE-2023-6240 - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:1881
  RHSA-2024:1881 - Security Advisory - Red Hat Customer Portal
- https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/
  Experiment with side-channel attacks yourself! | securitypitfalls (Technical Description)
- https://access.redhat.com/errata/RHSA-2024:3627
  RHSA-2024:3627 - Security Advisory - Red Hat Customer Portal