CVE-2025-0306: 
Linux Red Hat vulnerability analysis and mitigation

A vulnerability (CVE-2025-0306) was discovered in the Ruby interpreter, making it susceptible to the Marvin Attack. This vulnerability was disclosed on January 8, 2025, affecting Ruby implementations that use PKCS#1v1.5 padding in network contexts. The vulnerability allows attackers to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service (Red Hat CVE, NVD).

The vulnerability is classified with a CVSS v3.1 base score of 7.4 (High), with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N. The attack requires the ability to directly or indirectly measure the time of calling RSA::private_decrypt() or PKey::decrypt() and their error handling methods. The vulnerability is categorized as CWE-385 (Covert Timing Channel) (Red Hat CVE).

The successful exploitation of this vulnerability could lead to the decryption of previously encrypted messages and the forging of signatures, potentially compromising the confidentiality and integrity of sensitive data. The attack is particularly concerning in network service contexts where attackers can control messages that trigger the vulnerable functions (Red Hat CVE).

Two primary mitigation strategies are recommended: 1) Avoid using methods with PKCS#1v1.5 padding in network contexts and ensure that any calls perform OAEP decryption only, 2) Use Ruby with a version of OpenSSL that has the implicit rejection mechanism implemented (OpenSSL 3.2.0 or later). The implicit rejection feature has been backported to various RHEL versions (Red Hat CVE).

The vulnerability was discovered by Alicja Kario from Red Hat, and various Linux distributions have responded with different approaches. Ubuntu has noted that the issue is mitigated by having implicit rejection enabled in OpenSSL, which was backported to earlier OpenSSL releases (Ubuntu Security).