net/tcp-md5: Fix MAC comparison to be constant-time_CVE-2026-43383

9.4 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

net/tcp-md5: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant
time. Use the appropriate helper function for this.

Basic Information

ID CVE-2026-43383

Source Linux

Published May 8, 2026 at 14:21

Modified May 11, 2026 at 06:34

Affected Product

Vendor Linux

Product Linux

Version cfb6eeb4c860592edd123fdea908d23c6ad1c7dc

Affected Versions Linux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc
Linux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc
Linux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc
Linux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc
Linux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc
Linux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc
Linux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc
Linux Linux 2.6.20

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp-md5: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant\ntime.  Use the appropriate helper function for this.",
    "published": "2026-05-08T14:21:30.704Z",
    "modified": "2026-05-11T06:34:01.101Z",
    "type": "cve",
    "title": "net/tcp-md5: Fix MAC comparison to be constant-time",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/821c8751fdeecdeecabeb11704dd33439c9e4bbc\nhttps://git.kernel.org/stable/c/345a9530756528d7ca407663d659c3c40e75c3dd\nhttps://git.kernel.org/stable/c/5d305a95130a8d08b9545e47f1e18d29d59866cb\nhttps://git.kernel.org/stable/c/02669e2a4d207068edce7e8b5fafd85822018ce6\nhttps://git.kernel.org/stable/c/ae3831b44f477de048287493e184fc3ff913b624\nhttps://git.kernel.org/stable/c/b502e97e29d791ff7a8051f29a414535739be218\nhttps://git.kernel.org/stable/c/46d0d6f50dab706637f4c18a470aac20a21900d3",
    "id": "CVE-2026-43383",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc\nLinux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc\nLinux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc\nLinux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc\nLinux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc\nLinux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc\nLinux Linux cfb6eeb4c860592edd123fdea908d23c6ad1c7dc\nLinux Linux 2.6.20",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "cfb6eeb4c860592edd123fdea908d23c6ad1c7dc",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply