CVE Catalog

CVE-2026-43383

CriticalCVSS 9.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

34th percentile — higher than 34% of all known CVEs

Summary

A vulnerability in the Linux kernel related to MAC comparison in the tcp-md5 protocol has been fixed to prevent timing attacks.

Risk Assessment

Inadequate MAC comparison may lead to information disclosure through timing attacks, jeopardizing data integrity.

Recommendation

It is recommended to update the Linux kernel to the latest version to benefit from the fix regarding MAC comparison.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS