Unrated severity · NVD Advisory · Published Nov 12, 2025 · Updated Apr 15, 2026

CVE-2025-40204

Description

In the Linux kernel, the following vulnerability has been resolved:

sctp: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A constant-time MAC comparison was missing in the Linux kernel's SCTP implementation, potentially enabling timing attacks against authentication.

Vulnerability Overview

CVE-2025-40204 is a security fix in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. The vulnerability stems from verifying Message Authentication Codes (MACs) with a comparison that is not constant-time. An attacker could exploit the resulting timing differences to leak MAC values or forge messages.

Attack Vector and Exploitation

To exploit this, an attacker would need the ability to observe the system's timing behavior during MAC verification, typically through a local or adjacent network position. The attack does not require authentication but relies on precise timing measurements. The SCTP protocol uses MACs for message integrity and authentication, and a non-constant-time comparison can leak information about the MAC through timing side channels.

Potential Impact

An attacker could exploit the timing side channel to learn the secret MAC used in SCTP communications, potentially leading to message forgery or denial of service. Since MACs are used for protecting SCTP associations, this could compromise the integrity and authenticity of SCTP packets.

Mitigation

The fix makes the SCTP MAC comparison constant-time by using the appropriate kernel helper function. The patch has been merged into stable kernel branches [1][2][3]. Users should apply the latest kernel updates to mitigate this vulnerability.
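The difference between the two comparison styles, as an added userspace example that is not code from the kernel patch: `leaky_memneq`, `ct_memneq`, the `*_steps` wrappers and the sample byte arrays are hypothetical names and constructed values, and the byte counter stands in for measurable running time. In the kernel, `crypto_memneq()` is the helper that provides this kind of comparison.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAC_LEN 8

/* Constructed sample values, not real SCTP MACs. */
static const uint8_t expected[MAC_LEN]    = {0x10,0x32,0x54,0x76,0x98,0xba,0xdc,0xfe};
static const uint8_t wrong_first[MAC_LEN] = {0x11,0x32,0x54,0x76,0x98,0xba,0xdc,0xfe};
static const uint8_t wrong_last[MAC_LEN]  = {0x10,0x32,0x54,0x76,0x98,0xba,0xdc,0xff};

/* memcmp-style check: stops at the first mismatch. *steps counts the bytes
 * examined and stands in for the data-dependent running time. */
static int leaky_memneq(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *steps = i + 1;
            return 1;
        }
    }
    *steps = n;
    return 0;
}

/* Constant-time check: ORs together the XOR of every byte pair, so the work
 * done is the same wherever (or whether) the inputs differ. */
static int ct_memneq(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    volatile uint8_t diff = 0; /* volatile discourages early-exit optimisation */
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *steps = n;
    return diff != 0;
}

/* Bytes examined when checking a candidate MAC against the expected one. */
static size_t leaky_steps(const uint8_t *c) { size_t s; leaky_memneq(expected, c, MAC_LEN, &s); return s; }
static size_t ct_steps(const uint8_t *c)    { size_t s; ct_memneq(expected, c, MAC_LEN, &s); return s; }

int main(void)
{
    printf("early-exit:    first=%zu last=%zu\n", leaky_steps(wrong_first), leaky_steps(wrong_last));
    printf("constant-time: first=%zu last=%zu\n", ct_steps(wrong_first), ct_steps(wrong_last));
    return 0;
}
```

When reviewing other MAC or tag checks for the same flaw, the pattern to look for is a `memcmp`-style call whose result decides whether authentication succeeds.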

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 8

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 8
