{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23364", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.002Z", "datePublished": "2026-03-25T10:27:46.960Z", "dateUpdated": "2026-03-25T10:27:46.960Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:46.960Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Compare MACs in constant time\n\nTo prevent timing attacks, MAC comparisons need to be constant-time.\nReplace the memcmp() with the correct function, crypto_memneq()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/Kconfig", "fs/smb/server/auth.c", "fs/smb/server/smb2pdu.c"], "versions": [{"version": "e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9", "lessThan": "cd52a0e309659537048a864211abc3ea4c5caa63", "status": "affected", "versionType": "git"}, {"version": "e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9", "lessThan": "307afccb751f542246bd5dc68a2c1ffe1a78418c", "status": "affected", "versionType": "git"}, {"version": "e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9", "lessThan": "2cdc56ed67615ba0921383a688f24415ebe065f3", "status": "affected", "versionType": "git"}, {"version": "e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9", "lessThan": "93c0a22fec914ec4b697e464895a0f594e29fb28", "status": "affected", "versionType": "git"}, {"version": "e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9", "lessThan": "f4588b85efd6007d46b80aa1b9fb746628ffb3dc", "status": "affected", "versionType": "git"}, {"version": "e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9", "lessThan": "c5794709bc9105935dbedef8b9cf9c06f2b559fa", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/Kconfig", "fs/smb/server/auth.c", "fs/smb/server/smb2pdu.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.78", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.19", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.12.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.18.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/cd52a0e309659537048a864211abc3ea4c5caa63"}, {"url": "https://git.kernel.org/stable/c/307afccb751f542246bd5dc68a2c1ffe1a78418c"}, {"url": "https://git.kernel.org/stable/c/2cdc56ed67615ba0921383a688f24415ebe065f3"}, {"url": "https://git.kernel.org/stable/c/93c0a22fec914ec4b697e464895a0f594e29fb28"}, {"url": "https://git.kernel.org/stable/c/f4588b85efd6007d46b80aa1b9fb746628ffb3dc"}, {"url": "https://git.kernel.org/stable/c/c5794709bc9105935dbedef8b9cf9c06f2b559fa"}], "title": "ksmbd: Compare MACs in constant time", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Compare MACs in constant time\n\nTo prevent timing attacks, MAC comparisons need to be constant-time.\nReplace the memcmp() with the correct function, crypto_memneq()."}], "id": "CVE-2026-23364", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:35.547", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2cdc56ed67615ba0921383a688f24415ebe065f3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/307afccb751f542246bd5dc68a2c1ffe1a78418c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/93c0a22fec914ec4b697e464895a0f594e29fb28"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c5794709bc9105935dbedef8b9cf9c06f2b559fa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cd52a0e309659537048a864211abc3ea4c5caa63"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f4588b85efd6007d46b80aa1b9fb746628ffb3dc"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ksmbd: Compare MACs in constant time", "id": "2451167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451167"}, "csaw": false, "cwe": "CWE-208", "details": ["A flaw was found in ksmbd, a Linux kernel module. This vulnerability stems from the use of a non-constant time memory comparison function when verifying Message Authentication Codes (MACs). A remote attacker could exploit this timing difference to conduct a timing attack, potentially leading to the disclosure of sensitive information."], "name": "CVE-2026-23364", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23364\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23364\nhttps://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23364-4267@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-03-25T12:51:34.250188+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that includes the crypto_memneq() change for ksmbd", "If updating immediately is not possible, disable or restrict the ksmbd service from external, untrusted networks", "Verify that the ksmbd source code uses crypto_memneq() instead of memcmp()", "Check for vendor security bulletins or kernel updates addressing this issue"], "summary": {"action": "Apply patch", "impact": "Timing side\u2011channel disclosure"}, "threat_synthesis": {"affected_systems": "Any Linux kernel installation that includes the ksmbd daemon and has not applied the commit replacing memcmp() with crypto_memneq() is vulnerable. The affected product is the Linux kernel itself; no specific vendor releases are listed.", "description_and_impact": "The ksmbd subsystem in the Linux kernel performs message authentication code (MAC) verification using the ordinary memcmp() function, which reveals how many bytes match before stopping. Because the comparison time depends on the data, an attacker can measure the elapsed time and infer the correct MAC byte by byte, enabling a timing side\u2011channel attack that exposes authentication secrets used by SMB traffic.", "risk_and_exploitability": "No CVSS or EPSS scores are available, and the vulnerability is not in the CISA KEV catalog, suggesting limited publicly known exploitation. The attack vector is likely a remote network connection to the SMB service exposed by ksmbd. Exploitation requires the attacker to send crafted SMB packets and measure response times with sufficient precision. While the technical barrier is moderate, servers exposing SMB to untrusted networks face a significant risk."}}}}, "created": "2026-03-25T21:31:51.736327+00:00", "updated": "2026-03-25T21:31:51.736355+00:00", "vendors": [], "weaknesses": ["CWE-592"]}