CVE-2026-23364
Description
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Compare MACs in constant time
To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() with the correct function, crypto_memneq().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A timing side-channel in ksmbd's MAC comparison, caused by the use of non-constant-time memcmp(), could let an attacker recover a valid MAC and so forge an SMB signature.
Vulnerability
CVE-2026-23364 is a timing side-channel vulnerability in ksmbd, the Linux kernel's in-kernel SMB server. The root cause is that ksmbd compared a received Message Authentication Code (MAC) against the expected value with memcmp(). memcmp() returns as soon as it finds the first mismatching byte, so the time the comparison takes depends on how many leading bytes of the attacker-supplied MAC are correct. An attacker who can measure that difference can, in principle, recover the expected MAC one byte at a time instead of guessing all of it at once, and a recovered MAC is a forged signature [1].
Exploitation
An attacker with network access to a ksmbd server, and the ability to send messages that reach the affected comparison, submits requests carrying a chosen MAC and measures how long the server takes to reject them. Because the per-byte difference is tiny and buried in network jitter, each candidate has to be measured many times and the results averaged; the attacker then keeps the candidate that took longest, fixes that byte, and moves to the next position [1]. The CVE description does not say which message or session state exposes the comparison, so the exact preconditions (for example whether an established session is needed) should be taken from the referenced commits rather than assumed.
Impact
Successful exploitation lets the attacker present a MAC that the server accepts, defeating the integrity protection that SMB signing is meant to provide. Depending on which check is bypassed, this could allow tampering with or injecting messages into a session, impersonating a legitimate client, or gaining unauthorized access to shared files, affecting both confidentiality and integrity [1].
Mitigation
The fix replaces memcmp() with crypto_memneq(), the kernel's constant-time inequality test. crypto_memneq() examines every byte regardless of where the first difference is, so the comparison time no longer depends on how much of the supplied MAC is correct and the side-channel is closed. The patch has been applied to the Linux kernel stable branches [1][2][3][4]. Users should update to a patched kernel; for distribution kernels, confirm through the vendor's advisory or package changelog that the backport is included rather than relying on the upstream version number alone.
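The following is an added example written for this page to illustrate the Vulnerability and Mitigation sections; it is a userspace model, not ksmbd's or the kernel's code. naive_memcmp_early_exit stands in for a typical early-exit memcmp(), ct_memneq mirrors the accumulate-and-OR approach used by the kernel's crypto_memneq(), and demo_secret is a constructed 16-byte value standing in for the expected signature. The attacker's observable is the number of bytes the comparison examined before returning, an idealised stand-in for response time (a real attacker would have to recover the same signal statistically from noisy measurements). recover_signature drives only the verdict and that signal, and succeeds against the memcmp-style verifier in at most 16 * 256 queries while getting no usable signal from the constant-time one.

```c
/*
 * Added example for this page, not ksmbd's own code. Models why an
 * early-exit memcmp() on a MAC leaks information, and why a constant-time
 * compare in the style of crypto_memneq() does not.
 * Assumptions: demo_secret is a constructed stand-in for the expected
 * SMB2 signature; the attacker's "timing" observable is the number of
 * bytes the comparison examined before returning.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMB2_SIGNATURE_SIZE 16          /* SMB2/3 signatures are 16 bytes */

/* Constructed expected MAC for the demo; not derived from any real key. */
static const uint8_t demo_secret[SMB2_SIGNATURE_SIZE] = {
    0xde, 0xad, 0xbe, 0xef, 0x01, 0x23, 0x45, 0x67,
    0x89, 0xab, 0xcd, 0xef, 0x10, 0x32, 0x54, 0x76
};

/* Number of comparisons issued by the last recover_signature() run. */
static unsigned long queries_used;

/* Stand-in for memcmp(): stops at the first mismatching byte, so the work
 * done (*examined) reveals how many leading bytes of the guess were right. */
static int naive_memcmp_early_exit(const uint8_t *a, const uint8_t *b,
                                   size_t n, size_t *examined)
{
    for (size_t i = 0; i < n; i++) {
        (*examined)++;
        if (a[i] != b[i])
            return a[i] < b[i] ? -1 : 1;
    }
    return 0;
}

/* Constant-time inequality test in the style of crypto_memneq(): OR the
 * XOR of every byte pair into an accumulator, never branch on the data.
 * Returns 0 when equal, nonzero otherwise; always examines all n bytes. */
static unsigned long ct_memneq(const void *a, const void *b, size_t n,
                               size_t *examined)
{
    const volatile uint8_t *pa = a, *pb = b;
    unsigned long neq = 0;
    for (size_t i = 0; i < n; i++) {
        (*examined)++;
        neq |= pa[i] ^ pb[i];
    }
    return neq;
}

/* Verifier before the fix: 0 = signature accepted, nonzero = rejected. */
static int verify_vulnerable(const uint8_t *sig, size_t *examined)
{
    queries_used++;
    *examined = 0;
    return naive_memcmp_early_exit(sig, demo_secret, SMB2_SIGNATURE_SIZE,
                                   examined) != 0;
}

/* Verifier after the fix: same contract, constant-time comparison. */
static int verify_fixed(const uint8_t *sig, size_t *examined)
{
    queries_used++;
    *examined = 0;
    return ct_memneq(sig, demo_secret, SMB2_SIGNATURE_SIZE, examined) != 0;
}

/* Byte-by-byte recovery using only the verdict and the "timing" signal: at
 * each position keep the candidate whose comparison did the most work.
 * Returns 1 once a guess is accepted, 0 if some position produced no
 * distinguishable signal (what the constant-time verifier yields). */
static int recover_signature(int (*verify)(const uint8_t *, size_t *),
                             uint8_t out[SMB2_SIGNATURE_SIZE])
{
    queries_used = 0;
    memset(out, 0, SMB2_SIGNATURE_SIZE);
    for (size_t pos = 0; pos < SMB2_SIGNATURE_SIZE; pos++) {
        size_t lo = (size_t)-1, hi = 0;
        int best = 0;
        for (int v = 0; v < 256; v++) {
            size_t examined;
            out[pos] = (uint8_t)v;
            if (verify(out, &examined) == 0)
                return 1;                   /* accepted: forgery complete */
            if (examined > hi) { hi = examined; best = v; }
            if (examined < lo) lo = examined;
        }
        if (hi == lo)
            return 0;                       /* every guess cost the same */
        out[pos] = (uint8_t)best;
    }
    return 0;
}

int main(void)
{
    uint8_t rec[SMB2_SIGNATURE_SIZE];
    int ok = recover_signature(verify_vulnerable, rec);
    printf("memcmp-style verifier: recovered=%d queries=%lu match=%d\n",
           ok, queries_used, memcmp(rec, demo_secret, sizeof rec) == 0);
    ok = recover_signature(verify_fixed, rec);
    printf("crypto_memneq-style verifier: recovered=%d queries=%lu\n",
           ok, queries_used);
    return 0;
}
```

The point of the volatile pointers and the OR-accumulator in ct_memneq is that the loop's control flow and memory accesses are identical for every input; the kernel's crypto_memneq() is additionally written to stop the compiler from turning the accumulation back into an early-exit branch, which a portable userspace rewrite cannot fully guarantee.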
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=5.15.1, <6.1.167)
- cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- git.kernel.org/stable/c/2cdc56ed67615ba0921383a688f24415ebe065f3 (NVD: Patch)
- git.kernel.org/stable/c/307afccb751f542246bd5dc68a2c1ffe1a78418c (NVD: Patch)
- git.kernel.org/stable/c/93c0a22fec914ec4b697e464895a0f594e29fb28 (NVD: Patch)
- git.kernel.org/stable/c/c5794709bc9105935dbedef8b9cf9c06f2b559fa (NVD: Patch)
- git.kernel.org/stable/c/cd52a0e309659537048a864211abc3ea4c5caa63 (NVD: Patch)
- git.kernel.org/stable/c/f4588b85efd6007d46b80aa1b9fb746628ffb3dc (NVD: Patch)
News mentions
No linked articles in our index yet.