Untriaged
Permalink
CVE-2024-0914
5.9 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
References
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2260407 issue-tracking x_refsource_REDHAT x_transferred
- https://people.redhat.com/~hkario/marvin/ x_transferred
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2260407 issue-tracking x_refsource_REDHAT x_transferred
- https://people.redhat.com/~hkario/marvin/ x_transferred
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2260407 issue-tracking x_refsource_REDHAT x_transferred
- https://people.redhat.com/~hkario/marvin/ x_transferred
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2260407 issue-tracking x_refsource_REDHAT x_transferred
- https://people.redhat.com/~hkario/marvin/ x_transferred
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2260407 issue-tracking x_refsource_REDHAT x_transferred
- https://people.redhat.com/~hkario/marvin/ x_transferred
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2260407 issue-tracking x_refsource_REDHAT x_transferred
- https://people.redhat.com/~hkario/marvin/ x_transferred
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2260407 issue-tracking x_refsource_REDHAT x_transferred
- https://people.redhat.com/~hkario/marvin/ x_transferred
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2260407 issue-tracking x_refsource_REDHAT x_transferred
- https://people.redhat.com/~hkario/marvin/ x_transferred
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2260407 issue-tracking x_refsource_REDHAT x_transferred
- https://people.redhat.com/~hkario/marvin/ x_transferred
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry
- RHBZ#2260407 issue-tracking x_refsource_REDHAT
- https://people.redhat.com/~hkario/marvin/
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1239 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1411 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1608 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1856 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:1992 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0914 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2260407 issue-tracking x_refsource_REDHAT x_transferred
- https://people.redhat.com/~hkario/marvin/ x_transferred
Affected products
openCryptoki
opencryptoki
- *
- <3.23.0
Matching in nixpkgs
pkgs.opencryptoki
PKCS#11 implementation for Linux
-
nixos-unstable -
- nixpkgs-unstable 3.25.0