Description
In the Linux kernel, the following vulnerability has been resolved:

net/tcp-ao: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant
time. Use the appropriate helper function for this.
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the comparison of Message Authentication Codes (MACs) in the TCP‑AO code of the Linux kernel network stack. The MACs were compared in a non‑constant‑time manner: a comparison that stops at the first mismatching byte takes longer the more leading bytes of a candidate match the expected value, so an attacker could gain information about valid MAC values through timing measurements. The side‑channel attack could enable forging of authenticated packets or leakage of secret data used by TCP‑AO, thereby compromising the integrity of network communication.
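To make the flaw concrete, the following is an added example (it is not code from the kernel, the fix, or OpenCVE): a userspace C program that places the early-exit MAC compare the patch removes beside a constant-time compare written in the style of the kernel's crypto_memneq() helper, which I assume is the "appropriate helper function" the description refers to since the page does not name it. The 12-byte MAC length assumes TCP-AO's HMAC-SHA-1-96 / AES-128-CMAC-96 algorithms; the MAC values are constructed for the demonstration, and the byte counter is instrumentation added so the leak can be shown deterministically instead of through noisy wall-clock timing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed demonstration, not kernel code: the early-exit MAC compare the
 * fix removes, beside a constant-time compare in the style of the kernel's
 * crypto_memneq() helper. */

#define MAC_LEN 12  /* TCP-AO's HMAC-SHA-1-96 and AES-128-CMAC-96 yield 12-byte MACs */

/* Constructed sample values; they are not real TCP-AO traffic. */
static const uint8_t k_expected_mac[MAC_LEN] = {
    0x7a, 0x1c, 0x03, 0xe9, 0x55, 0x2b, 0x90, 0x4d, 0xc8, 0x11, 0x6f, 0xa2 };
static const uint8_t k_wrong_first_byte[MAC_LEN] = {
    0x00, 0x1c, 0x03, 0xe9, 0x55, 0x2b, 0x90, 0x4d, 0xc8, 0x11, 0x6f, 0xa2 };
static const uint8_t k_wrong_last_byte[MAC_LEN] = {
    0x7a, 0x1c, 0x03, 0xe9, 0x55, 0x2b, 0x90, 0x4d, 0xc8, 0x11, 0x6f, 0x00 };

/* Instrumentation: how many bytes the most recent compare looked at.  Counting
 * bytes shows the leak deterministically, where wall-clock timing is noisy. */
static size_t g_bytes_examined;

size_t last_bytes_examined(void)
{
    return g_bytes_examined;
}

/* The pattern the fix removes: return at the first differing byte.  Work done,
 * and therefore time taken, grows with the prefix the candidate shares with the
 * expected MAC.  Returns non-zero when the buffers differ. */
int early_exit_memneq(const uint8_t *a, const uint8_t *b, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++) {
        if (a[i] != b[i]) {
            g_bytes_examined = i + 1;
            return 1;
        }
    }
    g_bytes_examined = len;
    return 0;
}

/* Constant-time compare: OR every byte difference into an accumulator and never
 * branch on the data, so the work is the same for any input.  Returns non-zero
 * when the buffers differ, mirroring crypto_memneq()'s contract. */
unsigned int ct_memneq(const uint8_t *a, const uint8_t *b, size_t len)
{
    volatile uint8_t diff = 0;  /* volatile discourages the compiler from short-circuiting */
    size_t i;
    for (i = 0; i < len; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    g_bytes_examined = len;
    return diff;
}

/* Receive-path check as a verifier should write it: accept (1) only when the
 * constant-time compare reports no difference. */
int mac_accept(const uint8_t *computed, const uint8_t *received)
{
    return ct_memneq(computed, received, MAC_LEN) == 0;
}

int main(void)
{
    early_exit_memneq(k_expected_mac, k_wrong_first_byte, MAC_LEN);
    printf("early-exit, wrong first byte: %zu byte(s) examined\n", last_bytes_examined());
    early_exit_memneq(k_expected_mac, k_wrong_last_byte, MAC_LEN);
    printf("early-exit, wrong last byte:  %zu byte(s) examined\n", last_bytes_examined());
    ct_memneq(k_expected_mac, k_wrong_first_byte, MAC_LEN);
    printf("constant-time, wrong first:   %zu byte(s) examined\n", last_bytes_examined());
    printf("accept forged MAC: %d, accept genuine MAC: %d\n",
           mac_accept(k_expected_mac, k_wrong_last_byte),
           mac_accept(k_expected_mac, k_expected_mac));
    return 0;
}
```

The early-exit version examines 1 byte when the first byte is wrong but all 12 when only the last byte is wrong; that difference is the signal a timing side channel measures. The constant-time version examines all 12 bytes regardless, and the caller branches only on the final accumulated result.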

Affected Systems

All Linux kernel installations that include TCP‑AO support, regardless of distribution, are affected because the issue resides in the generic kernel code. No specific version details are provided beyond the generic kernel reference.

Risk and Exploitability

Exploitation requires an attacker to send carefully crafted packets when TCP‑AO is enabled and to perform precise timing analysis of packet processing. No CVSS or EPSS metrics are reported, and the vulnerability is not listed in the CISA KEV catalog, indicating limited publicly available exploitation evidence. However, the side‑channel nature of the flaw means that, with sufficient measurement resources, an adversary could infer MAC values, potentially enabling packet forgery or secret data leakage in environments that rely heavily on TCP‑AO authentication.

Generated by OpenCVE AI on May 9, 2026 at 04:22 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that incorporates the constant‑time MAC comparison patch
  • If an immediate upgrade is not possible, disable TCP‑AO features on the affected hosts or restrict their use
  • Monitor vendor advisories for additional updates or patches related to this issue

Advisories

No advisories yet.

History

Sat, 09 May 2026 03:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-613

Sat, 09 May 2026 00:15:00 +0000


Fri, 08 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-613

Fri, 08 May 2026 14:45:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time. To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.
Title | | net/tcp-ao: Fix MAC comparison to be constant-time
First Time Appeared | | Linux, Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux, Linux linux Kernel
References | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:21:31.355Z

Reserved: 2026-05-01T14:12:56.006Z

Link: CVE-2026-43384

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-08T15:16:49.720

Modified: 2026-05-08T15:16:49.720

Link: CVE-2026-43384

Redhat

Severity:

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43384 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T04:30:17Z

Weaknesses