CVE-2024-0914 MEDIUM

CVE-2024-0914: Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-203
Published January 31, 2024
Last update March 24, 2026

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.

Key dates

02Disclosure timeline

January 31, 2024 CVE published
March 24, 2026 Record updated