CVE-2023-6240: 
Linux Kernel vulnerability analysis and mitigation

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This vulnerability was discovered in November 2023 and affects the Linux Kernel's cryptographic operations. The issue allows a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key (CVE Mitre, Red Hat CVE).

The vulnerability is a timing side-channel attack that allows performing RSA decryption and signing operations by observing only the time of the decryption operation performed with the private key. The attack is a return of a 25-year-old vulnerability, known as the Bleichenbacher attack. The vulnerability exists in the numerical library code shared between all padding modes, affecting not just PKCS#1 v1.5, but also OAEP and RSASVE operations (Security Pitfalls, Marvin Attack).

When successfully exploited, this vulnerability allows an attacker to decrypt RSA ciphertexts and forge signatures. For TLS servers that default to RSA encryption key exchanges, attackers can record a session and decrypt it later. The vulnerability also affects other interfaces that perform RSA decryption in an automated manner but don't provide the attacker ability to perform arbitrary operations with the private key, including S/MIME, JSON web tokens, or hardware tokens (Marvin Attack).

The primary mitigation is to stop using RSA PKCS#1 v1.5 encryption. For TLS servers, it is recommended to disable ciphersuites that use RSA encryption and instead use Elliptic Curve Diffie Hellman or Finite Field Diffie Hellman with fresh DHE key shares. Multiple vendors have released patches to address this vulnerability in their implementations (Red Hat Errata).