CVE-2026-23364

EUVD-2026-15344
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Compare MACs in constant time

To prevent timing attacks, MAC comparisons need to be constant-time.
Replace the memcmp() with the correct function, crypto_memneq().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.15.1 ≤
𝑥
< 6.1.167
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.130
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.78
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.19
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.7
linuxlinux_kernel
5.15
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
linuxlinux_kernel
7.0:rc5
linuxlinux_kernel
7.0:rc6
linuxlinux_kernel
7.0:rc7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
6.1.170-3
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-4
fixed
forky
7.0.4-1
fixed
sid
7.0.4-1
fixed
trixie
vulnerable
trixie (security)
6.12.86-1
fixed
linux-6.1
bullseye (security)
6.1.170-3~deb11u1
fixed
References
https://git.kernel.org/stable/c/2cdc56ed67615ba0921383a688f24415ebe065f3
https://git.kernel.org/stable/c/307afccb751f542246bd5dc68a2c1ffe1a78418c
https://git.kernel.org/stable/c/93c0a22fec914ec4b697e464895a0f594e29fb28
https://git.kernel.org/stable/c/c5794709bc9105935dbedef8b9cf9c06f2b559fa
https://git.kernel.org/stable/c/cd52a0e309659537048a864211abc3ea4c5caa63
https://git.kernel.org/stable/c/f4588b85efd6007d46b80aa1b9fb746628ffb3dc