CVE-2026-23364
Published: 25 March 2026
Summary
CVE-2026-23364 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 16.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-23364 is a vulnerability in the ksmbd (Kernel Samba) component of the Linux kernel. It stems from the use of memcmp() for MAC (Message Authentication Code) comparisons, which are not performed in constant time and thus susceptible to timing attacks. The issue was resolved by replacing memcmp() with crypto_memneq(), ensuring constant-time comparisons to mitigate such side-channel risks.
The vulnerability can be exploited by remote attackers over the network (AV:N), though it requires high attack complexity (AC:H), no privileges (PR:N), and no user interaction (UI:N). Per the CVSS v3.1 base score of 7.4 (S:U/C:H/I:H/A:N), successful exploitation could result in high confidentiality and integrity impacts, such as potential information disclosure or manipulation via precise timing measurements of MAC validation responses in SMB communications.
Mitigation is provided through patches in Linux kernel stable releases, as detailed in the following commit references: https://git.kernel.org/stable/c/2cdc56ed67615ba0921383a688f24415ebe065f3, https://git.kernel.org/stable/c/307afccb751f542246bd5dc68a2c1ffe1a78418c, https://git.kernel.org/stable/c/93c0a22fec914ec4b697e464895a0f594e29fb28, https://git.kernel.org/stable/c/c5794709bc9105935dbedef8b9cf9c06f2b559fa, and https://git.kernel.org/stable/c/cd52a0e309659537048a864211abc3ea4c5caa63. Security practitioners should apply these updates to affected kernels running ksmbd to prevent exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-15344
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() with the correct function, crypto_memneq().
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote network timing side-channel on SMB MAC verification directly enables exploitation of public-facing kernel service (T1190) and weakens cryptographic protections (T1600).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the vulnerability by identifying, reporting, and applying kernel patches that replace non-constant-time memcmp with crypto_memneq for secure MAC comparisons in ksmbd.
Prevents exposure to the ksmbd timing attack by configuring systems to provide only essential capabilities and restricting unnecessary kernel Samba functionality.
Identifies the ksmbd vulnerability through ongoing vulnerability scanning and monitoring of kernel components, enabling timely remediation.