Skip to main content

Linux Kernel CVE-2026-43383

| EUVDEUVD-2026-28689 CRITICAL
2026-05-08 Linux GHSA-m4fq-qc69-83h9
Critical
Disputed · 9.4 Vendor: Linux
Share

Severity by source

Sources disagree (Medium–Critical)
Vendor (Linux) PRIMARY
9.4 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
4.7 MEDIUM
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 11, 2026 - 08:31 vuln.today
CVSS changed
May 11, 2026 - 08:22 NVD
9.4 (CRITICAL)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
CRITICAL 9.4
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net/tcp-md5: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

AnalysisAI

Timing attacks against TCP MD5 authentication in Linux kernel allow remote attackers to forge connection signatures through MAC comparison oracle. The vulnerability exists because MAC (Message Authentication Code) comparisons in the TCP-MD5 implementation are not constant-time, enabling attackers to extract authentication secrets through timing side-channels. All Linux kernel versions from 2.6.20 through 6.19.9 are affected. Patches are available across all actively maintained stable branches (5.10, 6.1, 6.6, 6.12, 6.18, 6.19, 7.0). EPSS score of 0.02% suggests low automated exploitation probability, though the network-accessible attack vector and authentication bypass capability represent significant risk for systems using TCP MD5 signatures (RFC 2385).

Technical ContextAI

TCP MD5 Signature Option (RFC 2385) provides connection-level authentication for BGP and other critical TCP sessions by computing a keyed MD5 hash over packet contents. The Linux kernel's net/tcp-md5 implementation performs MAC verification to validate incoming packets. The vulnerability stems from using standard memcmp() or similar byte-by-byte comparison functions that terminate early on mismatch, rather than constant-time comparison primitives (likely crypto_memneq() or similar). This creates a timing oracle: attackers can measure response times to infer which bytes of their forged MAC are correct, progressively revealing the correct MAC through iterative probing. The fix replaces variable-time comparison with constant-time helpers that always examine all bytes regardless of match status. This affects TCP connections specifically configured with MD5 authentication (SO_TCP_MD5SIG socket option), commonly used in BGP peering between routers. The vulnerability spans CPE cpe:2.3:a:linux:linux from baseline commit cfb6eeb4c860592edd123fdea908d23c6ad1c7dc through multiple stable branches, with fixes committed across 7 maintenance streams.

RemediationAI

Update to patched Linux kernel versions: 5.10.253 (LTS), 6.1.167 (LTS), 6.6.130 (stable), 6.12.78 (stable), 6.18.19 (stable), 6.19.9 (stable), or 7.0+ (mainline). Distribution-specific updates available through normal package management channels (apt, yum, dnf, zypper). Verify kernel version with 'uname -r' post-update and reboot to activate. Upstream fix commits available at https://git.kernel.org/stable/c/821c8751fdeecdeecabeb11704dd33439c9e4bbc (mainline) and branch-specific commits in references. For systems that cannot immediately patch: disable TCP MD5 authentication on affected connections if operationally feasible (note: this eliminates BGP session authentication and may violate peering requirements). Alternative mitigation is IPsec encapsulation of BGP sessions (RFC 4301), which provides cryptographically stronger authentication not vulnerable to timing attacks - requires coordination with BGP peers and additional IPsec infrastructure. Network-level mitigation via strict ingress filtering can reduce attacker's ability to inject forged packets, but does not address timing oracle exploitation from legitimate network positions. No configuration change alone fully mitigates without patching; workarounds require disabling vulnerable feature or replacing with alternative mechanism.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43383 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy