Cyber Resilience

CVE-2026-43383

Critical

Published: 08 May 2026

Modified: 26 May 2026
KEV Added
Patch
CVSS Score v3.1: 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)
EPSS Score: 0.0044 (35.5th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-43383 is a critical-severity vulnerability in the Linux kernel; its weakness type is unspecified. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). It ranks at the 35.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

net/tcp-md5: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Why these techniques?

Timing side-channel in TCP-MD5 MAC comparison enables remote credential/key recovery via crafted probes.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

Affected Assets

linux
linux kernel
7.0 · 2.6.20 — 5.10.253 · 5.11 — 6.1.167 · 6.2 — 6.6.130

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
