Main Vulnerability Database Vulnerabilities #VU130802

Information Exposure Through Timing Discrepancy in Linux kernel - CVE-2026-43384

Published: May 9, 2026

Vulnerability identifier: #VU130802

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-43384

CWE-ID: CWE-208

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass message authentication.

The vulnerability exists due to observable timing differences in MAC comparison in tcp-ao when verifying authentication codes. A remote attacker can measure response timing during crafted network interactions to bypass message authentication.

How to mitigate CVE-2026-43384

Install security update from vendor's repository.

Sources

https://git.kernel.org/stable/c/080b0e210088296dd50d6637c06c1db14246adfe
https://git.kernel.org/stable/c/67edfec516d30d3e62925c397be4a1e5185802fc
https://git.kernel.org/stable/c/8be6ed64966da48b6c4726918f106c18742a5125
https://git.kernel.org/stable/c/a269cbdc442f8658bca35383e34b9d0b0ff95a1c

Information Exposure Through Timing Discrepancy in Linux kernel - CVE-2026-43384

Detailed vulnerability description

How to mitigate CVE-2026-43384

Sources

Please verify you're human