CVE-2026-43384 PUBLISHED

net/tcp-ao: Fix MAC comparison to be constant-time

Assigner: Linux
Reserved: 01.05.2026 Published: 08.05.2026 Updated: 08.05.2026

In the Linux kernel, the following vulnerability has been resolved:

net/tcp-ao: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 0a3a809089eb1d4a0a2fd0c16b520d603988c859 to 8be6ed64966da48b6c4726918f106c18742a5125 (excl.)
  • affected from 0a3a809089eb1d4a0a2fd0c16b520d603988c859 to a269cbdc442f8658bca35383e34b9d0b0ff95a1c (excl.)
  • affected from 0a3a809089eb1d4a0a2fd0c16b520d603988c859 to 080b0e210088296dd50d6637c06c1db14246adfe (excl.)
  • affected from 0a3a809089eb1d4a0a2fd0c16b520d603988c859 to 67edfec516d30d3e62925c397be4a1e5185802fc (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.7 is affected
  • unaffected from 0 to 6.7 (excl.)
  • unaffected from 6.12.78 to 6.12.* (incl.)
  • unaffected from 6.18.19 to 6.18.* (incl.)
  • unaffected from 6.19.9 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References