CVE-2026-23364

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-23364
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23364.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-23364
Downstream
Published
2026-03-25T10:27:46.960Z
Modified
2026-04-14T03:48:36.396713Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
ksmbd: Compare MACs in constant time
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Compare MACs in constant time

To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() with the correct function, crypto_memneq().

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23364.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9
Fixed
cd52a0e309659537048a864211abc3ea4c5caa63
Fixed
307afccb751f542246bd5dc68a2c1ffe1a78418c
Fixed
2cdc56ed67615ba0921383a688f24415ebe065f3
Fixed
93c0a22fec914ec4b697e464895a0f594e29fb28
Fixed
f4588b85efd6007d46b80aa1b9fb746628ffb3dc
Fixed
c5794709bc9105935dbedef8b9cf9c06f2b559fa

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23364.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.19
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23364.json"