HIGHCVE-2026-23364Published Modified CNA Linux
CVE-2026-23364: ksmbd: Compare MACs in constant time
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() with the correct function, crypto_memneq().
Metrics
- CVSS v3.1
- 7.4
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 2
Fix available
02cdc56ed67615ba0921383a688f24415ebe065f3307afccb751f542246bd5dc68a2c1ffe1a78418c6.1.1676.6.1306.12.786.18.196.19.77.093c0a22fec914ec4b697e464895a0f594e29fb28c5794709bc9105935dbedef8b9cf9c06f2b559facd52a0e309659537048a864211abc3ea4c5caa63f4588b85efd6007d46b80aa1b9fb746628ffb3dc
Affected packages
- Linux / Linux< cd52a0e309659537048a864211abc3ea4c5caa63 (from e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9) · < 307afccb751f542246bd5dc68a2c1ffe1a78418c (from e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9) · < 2cdc56ed67615ba0921383a688f24415ebe065f3 (from e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9) · < 93c0a22fec914ec4b697e464895a0f594e29fb28 (from e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9) · < f4588b85efd6007d46b80aa1b9fb746628ffb3dc (from e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9) · < c5794709bc9105935dbedef8b9cf9c06f2b559fa (from e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9)
- Linux / Linux5.15Fixed in 0, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.7, 7.0
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N