Timing Attack Vulnerability in Linux Kernel's ksmbd Component
CVE-2026-23364

7.4 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 25 March 2026

What is CVE-2026-23364?

A vulnerability has been identified in the Linux kernel's ksmbd component: MAC comparisons were performed with memcmp(), which could allow timing attacks. To mitigate this risk, the implementation has been updated to replace the standard memcmp() function with crypto_memneq(). This change ensures that MAC comparisons run in constant time, so attackers cannot exploit timing differences to gain unauthorized access to sensitive data.
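An added example (not code from the kernel patch or from this advisory): a userspace C sketch that contrasts an early-exit comparison, which memcmp() is permitted to perform, with a constant-time comparison following the crypto_memneq() contract (zero if equal, non-zero otherwise). The function names, the 16-byte MAC length and the sample bytes are constructed for illustration, and the step counter stands in for elapsed time.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAC_LEN 16  /* constructed length for this demo */

/* Early-exit compare, as memcmp() may behave: work done depends on the data. */
int leaky_differs(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    for (*steps = 0; *steps < n; ) {
        size_t i = (*steps)++;
        if (a[i] != b[i])
            return 1;           /* stops at the first mismatching byte */
    }
    return 0;
}

/* Constant-time compare with the crypto_memneq() contract:
 * 0 if equal, non-zero if different; every byte is always visited. */
int ct_differs(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    volatile uint8_t diff = 0;  /* volatile discourages early-exit optimisation */
    for (*steps = 0; *steps < n; (*steps)++)
        diff |= (uint8_t)(a[*steps] ^ b[*steps]);
    return diff != 0;
}

/* Bytes visited when a constructed MAC first differs at index `at`
 * (at >= MAC_LEN means the two MACs are equal). */
size_t steps_taken(int constant_time, size_t at)
{
    uint8_t expected[MAC_LEN], received[MAC_LEN];
    size_t steps = 0;
    memset(expected, 0xA5, sizeof(expected));   /* constructed sample MAC */
    memcpy(received, expected, sizeof(received));
    if (at < MAC_LEN)
        received[at] ^= 0xFF;
    if (constant_time)
        (void)ct_differs(expected, received, MAC_LEN, &steps);
    else
        (void)leaky_differs(expected, received, MAC_LEN, &steps);
    return steps;
}

int main(void)
{
    for (size_t at = 0; at <= MAC_LEN; at += 4)
        printf("mismatch@%2zu leaky=%2zu ct=%2zu\n", at, steps_taken(0, at), steps_taken(1, at));
    return 0;
}
```

The early-exit variant's step count tracks the position of the first wrong byte, which is the data-dependent behaviour the fix removes; the constant-time variant always visits all 16 bytes.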

Affected Version(s)

Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9

Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 307afccb751f542246bd5dc68a2c1ffe1a78418c

Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 2cdc56ed67615ba0921383a688f24415ebe065f3

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
