{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-6240", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-11-21T12:10:21.499Z", "datePublished": "2024-02-04T14:11:17.824Z", "dateUpdated": "2024-09-13T23:29:47.203Z"}, "containers": {"cna": {"title": "Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "affected", "versions": [{"version": "0:4.18.0-553.5.1.rt7.346.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:4.18.0-553.5.1.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-427.16.1.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-427.16.1.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-70.101.1.el9_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-70.101.1.rt21.173.el9_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.0::realtime", "cpe:/a:redhat:rhel_eus:9.0::nfv"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-284.62.1.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-284.62.1.rt14.347.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::realtime", "cpe:/a:redhat:rhel_eus:9.2::nfv"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1881", "name": "RHSA-2024:1881", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1882", "name": "RHSA-2024:1882", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2758", "name": "RHSA-2024:2758", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3414", "name": "RHSA-2024:3414", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3421", "name": "RHSA-2024:3421", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3618", "name": "RHSA-2024:3618", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3627", "name": "RHSA-2024:3627", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6240", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250843", "name": "RHBZ#2250843", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://people.redhat.com/~hkario/marvin/"}, {"url": "https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/"}], "datePublic": "2023-09-25T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-203", "description": "Observable Discrepancy", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-203: Observable Discrepancy", "timeline": [{"lang": "en", "time": "2023-11-21T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-09-25T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-13T23:29:47.203Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:18.112Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1881", "name": "RHSA-2024:1881", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1882", "name": "RHSA-2024:1882", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2758", "name": "RHSA-2024:2758", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3414", "name": "RHSA-2024:3414", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3421", "name": "RHSA-2024:3421", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3618", "name": "RHSA-2024:3618", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3627", "name": "RHSA-2024:3627", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6240", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250843", "name": "RHBZ#2250843", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://people.redhat.com/~hkario/marvin/", "tags": ["x_transferred"]}, {"url": "https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240628-0002/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key."}, {"lang": "es", "value": "Se encontr\u00f3 una fuga de canal lateral de vulnerabilidad de Marvin en la operaci\u00f3n de descifrado RSA en el kernel de Linux. Este problema puede permitir que un atacante de red descifre textos cifrados o falsifique firmas, limitando los servicios que utilizan esa clave privada."}], "id": "CVE-2023-6240", "lastModified": "2024-09-14T00:15:12.483", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-02-04T14:15:47.787", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1881"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1882"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2758"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3414"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3421"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3618"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3627"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-6240"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250843"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://people.redhat.com/~hkario/marvin/"}, {"source": "secalert@redhat.com", "tags": ["Technical Description"], "url": "https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3627", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3618", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.5.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:2758", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.16.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-05-08T00:00:00Z"}, {"advisory": "RHSA-2024:2758", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.16.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-05-08T00:00:00Z"}, {"advisory": "RHSA-2024:3421", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "kernel-0:5.14.0-70.101.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-05-28T00:00:00Z"}, {"advisory": "RHSA-2024:3414", "cpe": "cpe:/a:redhat:rhel_eus:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.101.1.rt21.173.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-05-28T00:00:00Z"}, {"advisory": "RHSA-2024:1881", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.62.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1882", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.62.1.rt14.347.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-04-18T00:00:00Z"}], "bugzilla": {"description": "kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation", "id": "2250843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250843"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "status": "verified"}, "cwe": "CWE-203", "details": ["A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.", "A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key."], "name": "CVE-2023-6240", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-09-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6240\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6240\nhttps://people.redhat.com/~hkario/marvin/\nhttps://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/"], "threat_severity": "Moderate"}