Skip to main content

Linux EUVDEUVD-2026-15344

| CVE-2026-23364 HIGH
2026-03-25 Linux GHSA-4mmg-5v66-42gx
7.4
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.4 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
SUSE
5.2 MEDIUM
qualitative

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

5
Re-analysis Queued
Apr 24, 2026 - 15:52 vuln.today
cvss_changed
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15344
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
HIGH 7.4

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Compare MACs in constant time

To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() with the correct function, crypto_memneq().

AnalysisAI

The Linux kernel's ksmbd (SMB server implementation) component uses the non-constant-time memcmp() function to compare Message Authentication Codes (MACs) instead of the cryptographically-secure crypto_memneq() function, enabling timing-based attacks to leak authentication credentials. All Linux kernel versions with ksmbd are affected, allowing attackers to potentially forge authentication by measuring response time differences during MAC validation. While no public exploit code is confirmed, multiple stable kernel branches have received patches addressing this vulnerability, indicating kernel maintainers treated this as a legitimate information disclosure risk.

Technical ContextAI

The ksmbd module is a Linux kernel-space SMB (Server Message Block) server implementation used for file sharing and network communication. MAC (Message Authentication Code) comparison is a critical cryptographic operation used to verify the authenticity and integrity of SMB protocol messages. The vulnerability stems from using memcmp(), which performs byte-by-byte comparison and exits early upon finding a mismatch, creating measurable timing differences based on the position of the first differing byte. This violates the constant-time requirement essential for cryptographic comparisons outlined in CWE-208 (Information Exposure Through Timing Discrepancy). The crypto_memneq() kernel function is specifically designed to compare cryptographic values in constant time, regardless of where differences occur, preventing attackers from deriving information through side-channel analysis. Linux kernel versions across multiple stable series (referenced by six distinct stable kernel commits) require patching to replace memcmp with crypto_memneq in the ksmbd authentication path.

RemediationAI

Apply the latest kernel patches addressing this vulnerability by upgrading to kernel versions that include the fixes referenced in the stable kernel repositories. The primary remediation is to update the Linux kernel to a version incorporating one of the six identified patch commits that replace memcmp() with crypto_memneq() in the ksmbd MAC comparison code. Users can verify patching status by checking their kernel version against stable branch commit histories at https://git.kernel.org/stable/. As an interim mitigation pending kernel patching, disable or restrict access to SMB services (ksmbd) if not operationally required, and implement network-level access controls limiting SMB connectivity to trusted, authenticated networks only. Monitor kernel security advisories from your Linux distribution for official patched kernel package releases.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15344 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy