CRITICALCVE-2026-43384Published Modified CNA Linux
CVE-2026-43384: net/tcp-ao: Fix MAC comparison to be constant-time
In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.
Metrics
- CVSS v3.1
- 9.8
- Severity
- CRITICAL
- Fixed in
- 0
- Affected Products
- 2
Fix available
0080b0e210088296dd50d6637c06c1db14246adfe6.12.786.18.196.19.967edfec516d30d3e62925c397be4a1e5185802fc7.08be6ed64966da48b6c4726918f106c18742a5125a269cbdc442f8658bca35383e34b9d0b0ff95a1c
Affected packages
- Linux / Linux< 8be6ed64966da48b6c4726918f106c18742a5125 (from 0a3a809089eb1d4a0a2fd0c16b520d603988c859) · < a269cbdc442f8658bca35383e34b9d0b0ff95a1c (from 0a3a809089eb1d4a0a2fd0c16b520d603988c859) · < 080b0e210088296dd50d6637c06c1db14246adfe (from 0a3a809089eb1d4a0a2fd0c16b520d603988c859) · < 67edfec516d30d3e62925c397be4a1e5185802fc (from 0a3a809089eb1d4a0a2fd0c16b520d603988c859)
- Linux / Linux6.7Fixed in 0, 6.12.78, 6.18.19, 6.19.9, 7.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H