Information Exposure Through Timing Discrepancy in Linux kernel - CVE-2026-43383
Published: May 9, 2026
Vulnerability identifier: #VU130801
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43383
CWE-ID: CWE-208
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to observable timing differences in tcp-md5 MAC comparison when verifying TCP MD5 signatures. A remote attacker can measure response timing during crafted network interactions to disclose sensitive information.
How to mitigate CVE-2026-43383
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/02669e2a4d207068edce7e8b5fafd85822018ce6
- https://git.kernel.org/stable/c/345a9530756528d7ca407663d659c3c40e75c3dd
- https://git.kernel.org/stable/c/46d0d6f50dab706637f4c18a470aac20a21900d3
- https://git.kernel.org/stable/c/5d305a95130a8d08b9545e47f1e18d29d59866cb
- https://git.kernel.org/stable/c/821c8751fdeecdeecabeb11704dd33439c9e4bbc
- https://git.kernel.org/stable/c/ae3831b44f477de048287493e184fc3ff913b624
- https://git.kernel.org/stable/c/b502e97e29d791ff7a8051f29a414535739be218