CVE-2026-23364 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() with the correct function, crypto_memneq().

PUBLISHED Reserved 2026-01-13 | Published 2026-03-25 | Updated 2026-05-11 | Assigner Linux

HIGH: 7.4CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Product status

Default status

unaffected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 (git) before cd52a0e309659537048a864211abc3ea4c5caa63

affected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 (git) before 307afccb751f542246bd5dc68a2c1ffe1a78418c

affected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 (git) before 2cdc56ed67615ba0921383a688f24415ebe065f3

affected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 (git) before 93c0a22fec914ec4b697e464895a0f594e29fb28

affected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 (git) before f4588b85efd6007d46b80aa1b9fb746628ffb3dc

affected

e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 (git) before c5794709bc9105935dbedef8b9cf9c06f2b559fa

affected

Default status

affected

5.15

affected

Any version before 5.15

unaffected

6.1.167 (semver)

unaffected

6.6.130 (semver)

unaffected

6.12.78 (semver)

unaffected

6.18.19 (semver)

unaffected

6.19.7 (semver)

unaffected

7.0 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/cd52a0e309659537048a864211abc3ea4c5caa63

git.kernel.org/...c/307afccb751f542246bd5dc68a2c1ffe1a78418c

git.kernel.org/...c/2cdc56ed67615ba0921383a688f24415ebe065f3

git.kernel.org/...c/93c0a22fec914ec4b697e464895a0f594e29fb28

git.kernel.org/...c/f4588b85efd6007d46b80aa1b9fb746628ffb3dc

git.kernel.org/...c/c5794709bc9105935dbedef8b9cf9c06f2b559fa

cve.org (CVE-2026-23364)

nvd.nist.gov (CVE-2026-23364)

Download JSON