CVE-2026-23364 — Observable Timing Discrepancy in Linux

CWE-208 — Observable Timing Discrepancy8 documents7 sources

Severity

7.4HIGHNVD

EPSS

0.0%

top 85.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() with the correct function, crypto_memneq().

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages5 packages

▶Linuxlinux/linux_kernel5.15.0 — 6.1.167+4

▶Debianlinux/linux_kernel< 6.19.8-1

▶msrcmsrc/azl3_kernel_6.6.126.1-1_on_azure_linux_3.0

▶CVEListV5linux/linuxe2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 — cd52a0e309659537048a864211abc3ea4c5caa63+6

▶debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

OSV

CVE-2026-23364: In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons ne↗2026-03-25

▶

GHSA

GHSA-4mmg-5v66-42gx: In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons↗2026-03-25

▶

OSV

ksmbd: Compare MACs in constant time↗2026-03-25

▶

📋Vendor Advisories

Red Hat

kernel: ksmbd: Compare MACs in constant time↗2026-03-25

▶

Microsoft

ksmbd: Compare MACs in constant time↗2026-03-10

▶

Debian

CVE-2026-23364: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: Comp...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23364 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶