#VU124479 Observable discrepancy in Linux kernel - CVE-2026-23364

 


Published: March 25, 2026


Vulnerability identifier: #VU124479
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23364
CWE-ID: CWE-203
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a local user to obtain sensitive information.

The vulnerability exists due to improper timing handling in the ksmbd component when comparing message authentication codes (MACs). A local user can leverage timing differences during MAC comparison to infer sensitive information.

Exploitation requires local access and the ability to trigger MAC comparisons through the ksmbd subsystem.
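
The class of flaw described above (CWE-203 in a MAC check), shown as an added userspace C example; it is not code from ksmbd or the kernel patch. The function names, `MAC_LEN` and the sample bytes are assumptions made for the demo, and a count of bytes examined stands in for measurable running time.

```c
#include <stdint.h>
#include <stdio.h>

#define MAC_LEN 16 /* assumed MAC length for this demo */

/* Early-exit compare, memcmp-style. *steps counts the bytes examined and
 * stands in for the running time an observer could measure. */
static int mac_equal_leaky(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        *steps = i + 1;
        if (a[i] != b[i])
            return 0; /* stops at the first mismatching byte */
    }
    return 1;
}

/* Constant-time compare: every byte is read and the differences are OR-ed
 * together, so the work done does not depend on where the MACs differ. */
static int mac_equal_ct(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *steps = n;
    return diff == 0;
}

/* Compare a constructed expected MAC with a candidate whose first `prefix`
 * bytes are correct; return how many bytes the chosen compare examined. */
static size_t steps_for_prefix(int constant_time, size_t prefix)
{
    uint8_t expected[MAC_LEN], candidate[MAC_LEN];
    size_t steps = 0;
    for (size_t i = 0; i < MAC_LEN; i++) {
        expected[i] = (uint8_t)(0xA0 + i); /* constructed sample value */
        candidate[i] = i < prefix ? expected[i] : (uint8_t)~expected[i];
    }
    (void)(constant_time ? mac_equal_ct : mac_equal_leaky)(expected, candidate, MAC_LEN, &steps);
    return steps;
}

int main(void)
{
    for (size_t p = 0; p <= MAC_LEN; p += 4)
        printf("prefix %2zu: leaky=%2zu ct=%2zu\n", p, steps_for_prefix(0, p), steps_for_prefix(1, p));
    return 0;
}
```

The leaky compare's work grows with the length of the correct prefix, which is the observable discrepancy; the constant-time version does the same work for every input. Kernel code has `crypto_memneq()` available for constant-time comparison.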


Remediation

Install the security update from the vendor's repository.
