Impact
The Linux kernel’s in-kernel SMB server, ksmbd, verified message authentication codes (MACs, the signing values carried in SMB messages) with the generic memcmp routine. memcmp returns as soon as it finds the first differing byte, so the time taken to compare a received MAC against the expected one grows with the number of leading bytes that match. An attacker who can submit signed requests and measure response latency can therefore test candidate values one byte position at a time, keep the guess that takes measurably longer to reject, and recover the expected MAC for a message without knowing the signing key. This is a classic timing side channel; the fix replaces memcmp with a constant-time comparison so that every verification touches every byte. The CVE description confirms the timing leak and the byte-by-byte recovery. That a recovered MAC lets the attacker forge signed requests, impersonate an authenticated user on the SMB service and reach shared resources is an inference drawn here; the CVE text does not state explicitly what access a recovered MAC would grant.
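The following is an added example written for this page, not code from the Linux kernel or from ksmbd. It models both sides of the flaw in user space: a memcmp-style verifier that exits at the first mismatch, a constant-time verifier modelled on the behaviour of the kernel’s crypto_memneq, and the byte-by-byte recovery an attacker would run against the variable-time version. The 16-byte signature length matches the SMB2 signature field; the secret value is constructed for the example, the server function is hypothetical, and the count of bytes examined (steps) stands in for the elapsed time a real attacker would measure.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIG_LEN 16  /* SMB2 signature field is 16 bytes */

/* Verifier: compares expected vs received, returns 1 on match.
 * *steps receives the number of bytes the routine examined, used here as a
 * deterministic stand-in for elapsed time. */
typedef int (*verify_fn)(const uint8_t *expected, const uint8_t *received,
                         size_t n, size_t *steps);

/* Variable-time check modelled on a byte-wise memcmp: stops at the first
 * differing byte, so the work done depends on how many leading bytes match. */
static int verify_memcmp_style(const uint8_t *expected, const uint8_t *received,
                               size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        if (expected[i] != received[i]) {
            *steps = i + 1;
            return 0;
        }
    }
    *steps = n;
    return 1;
}

/* Constant-time check in the style of the kernel's crypto_memneq: OR all byte
 * differences together and decide only at the end, so every call touches all
 * n bytes regardless of where (or whether) they differ. */
static int verify_constant_time(const uint8_t *expected, const uint8_t *received,
                                size_t n, size_t *steps)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= expected[i] ^ received[i];
    *steps = n;
    return diff == 0;
}

/* Constructed secret standing in for the MAC the server computes with the
 * signing key; the attacker never sees it directly. */
static const uint8_t SECRET_SIG[SIG_LEN] = {
    0x5a, 0x07, 0xc3, 0x11, 0x2e, 0x99, 0x40, 0xf0,
    0x3b, 0x6d, 0x82, 0x15, 0xde, 0x0a, 0x7c, 0xb1
};

/* Hypothetical server endpoint: takes a guessed signature, answers
 * accept/reject and leaks the timing proxy. */
static int server_check(verify_fn verify, const uint8_t *guess, size_t *steps)
{
    return verify(SECRET_SIG, guess, SIG_LEN, steps);
}

/* Byte-by-byte recovery. For position i, the guess that lets the comparison
 * advance past byte i (steps > i + 1) is the correct one; the final byte is
 * confirmed by the accept result itself. Returns the number of queries made. */
static size_t recover_signature(verify_fn verify, uint8_t out[SIG_LEN])
{
    size_t queries = 0;
    memset(out, 0, SIG_LEN);
    for (size_t i = 0; i < SIG_LEN; i++) {
        for (int c = 0; c < 256; c++) {
            size_t steps = 0;
            out[i] = (uint8_t)c;
            int accepted = server_check(verify, out, &steps);
            queries++;
            if (accepted || steps > i + 1)
                break;
        }
    }
    return queries;
}

int main(void)
{
    uint8_t rec[SIG_LEN];
    size_t q = recover_signature(verify_memcmp_style, rec);
    printf("memcmp-style: %zu queries, recovered %s\n", q,
           memcmp(rec, SECRET_SIG, SIG_LEN) == 0 ? "correct MAC" : "wrong MAC");
    q = recover_signature(verify_constant_time, rec);
    printf("constant-time: %zu queries, recovered %s\n", q,
           memcmp(rec, SECRET_SIG, SIG_LEN) == 0 ? "correct MAC" : "wrong MAC");
    return 0;
}
```

Against the memcmp-style verifier the recovery needs at most 256 queries per byte (4096 for a 16-byte MAC) instead of 2^128 for a blind search, and it succeeds on the constructed secret. Against the constant-time verifier the timing proxy is identical for every guess, the selection rule has nothing to work with, and the recovered value is wrong. In a real deployment the attacker sees nanosecond-scale differences buried in network jitter rather than a clean byte count, so each candidate needs many repeated measurements; that slows the attack but does not change its structure.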
Affected Systems
The vulnerability affects every Linux kernel build that includes ksmbd and predates the patch replacing memcmp with the kernel’s constant-time comparison, crypto_memneq. The CPE identifiers list the generic Linux kernel, the 5.15 series, and pre-release builds of Linux 7.0 from release candidate 1 through 7. Kernels that carry the fix are not affected. The vulnerable code is only reachable on systems where ksmbd is built (CONFIG_SMB_SERVER) and the ksmbd service is actually running; a kernel that has the code compiled in but never starts the server is not exposed over the network.
Risk and Exploitability
A CVSS score of 7.4 falls in the High severity band. The EPSS score below 1% estimates a low probability of exploitation in the wild over the coming 30 days, and the vulnerability is not listed in the CISA KEV catalog. From the description it is inferred that an attack requires the ksmbd service to be reachable over the network and the attacker to be able to measure response times precisely enough to distinguish per-byte differences in the memcmp; over a real network that means many repeated measurements per candidate byte and statistical filtering of jitter, which makes the attack slow and noisy but does not rule it out, and the granularity of the leak depends on how the platform’s memcmp is implemented. If those conditions are met, the attacker could reconstruct the MAC and gain unauthorized access to SMB shares.