Linux Kernel Vulnerability: MAC Comparison Timing Attack Mitigation
CVE-2025-40204

Currently unrated

Key Information:

Vendor: Linux

Status: Vendor

CVE Published: 12 November 2025

What is CVE-2025-40204?

A timing attack vulnerability was identified in the Linux kernel's MAC (Message Authentication Code) comparison. Timing attacks exploit differences in how long an operation on sensitive data takes. To mitigate this risk, the kernel now performs the comparison in constant time using an appropriate helper function. The update reinforces the integrity of communications and protects against potential exploitation by adversaries.
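The difference between an early-exit and a constant-time MAC check, as an added userspace example (not kernel code and not the helper the fix uses). The function names and the 16-byte sample tags are constructed for illustration, and the count of bytes examined stands in for the timing signal.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample tags: forged_first differs in byte 0, forged_last in byte 15. */
static const uint8_t expected_mac[16] = { 0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x4d, 0xb8, 0x16,
                                          0x7f, 0x20, 0xc9, 0x53, 0x8e, 0x64, 0xa1, 0xfd };
static const uint8_t forged_first[16] = { 0x3b, 0x91, 0x5c, 0x07, 0xe2, 0x4d, 0xb8, 0x16,
                                          0x7f, 0x20, 0xc9, 0x53, 0x8e, 0x64, 0xa1, 0xfd };
static const uint8_t forged_last[16]  = { 0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x4d, 0xb8, 0x16,
                                          0x7f, 0x20, 0xc9, 0x53, 0x8e, 0x64, 0xa1, 0xfc };

/* Early-exit (memcmp-style) check: the work done depends on where the first mismatch is. */
static int leaky_mac_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time check: every byte is examined and no branch in the loop depends on the data. */
static int ct_mac_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    volatile uint8_t diff = 0; /* volatile discourages the compiler from short-circuiting */
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint8_t)(a[i] ^ b[i]);
        (*steps)++;
    }
    return diff == 0;
}

int main(void)
{
    size_t early, late, ct_early, ct_late;
    leaky_mac_equal(expected_mac, forged_first, 16, &early);
    leaky_mac_equal(expected_mac, forged_last, 16, &late);
    ct_mac_equal(expected_mac, forged_first, 16, &ct_early);
    ct_mac_equal(expected_mac, forged_last, 16, &ct_late);
    printf("early-exit bytes examined: %zu vs %zu\n", early, late);
    printf("constant-time bytes examined: %zu vs %zu\n", ct_early, ct_late);
    return 0;
}
```

The early-exit check does less work the earlier the mismatch occurs, which is the data-dependent behaviour a constant-time comparison removes.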

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0e8b8c326c2a6de4d837b1bb034ea704f4690d77

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1cd60e0d0fb8f0e62ec4499138afce6342dc9d4c

Timeline

  • Vulnerability published

  • Vulnerability Reserved
