ksmbd: Compare MACs in constant time_CVE-2026-23364

7.4 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Compare MACs in constant time

To prevent timing attacks, MAC comparisons need to be constant-time.
Replace the memcmp() with the correct function, crypto_memneq().

Basic Information

ID CVE-2026-23364

Source Linux

Published Mar 25, 2026 at 10:27

Modified Apr 2, 2026 at 14:44

Affected Product

Vendor Linux

Product Linux

Version e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9

Affected Versions Linux Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9
Linux Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9
Linux Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9
Linux Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9
Linux Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9
Linux Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9
Linux Linux 5.15

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Compare MACs in constant time\n\nTo prevent timing attacks, MAC comparisons need to be constant-time.\nReplace the memcmp() with the correct function, crypto_memneq().",
    "published": "2026-03-25T10:27:46.960Z",
    "modified": "2026-04-02T14:44:22.853Z",
    "type": "cve",
    "title": "ksmbd: Compare MACs in constant time",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/cd52a0e309659537048a864211abc3ea4c5caa63\nhttps://git.kernel.org/stable/c/307afccb751f542246bd5dc68a2c1ffe1a78418c\nhttps://git.kernel.org/stable/c/2cdc56ed67615ba0921383a688f24415ebe065f3\nhttps://git.kernel.org/stable/c/93c0a22fec914ec4b697e464895a0f594e29fb28\nhttps://git.kernel.org/stable/c/f4588b85efd6007d46b80aa1b9fb746628ffb3dc\nhttps://git.kernel.org/stable/c/c5794709bc9105935dbedef8b9cf9c06f2b559fa",
    "id": "CVE-2026-23364",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9\nLinux Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9\nLinux Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9\nLinux Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9\nLinux Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9\nLinux Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9\nLinux Linux 5.15",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply