You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-23364
About this tag
CVE-2026-23364 is a security vulnerability in ksmbd, the Linux kernel's SMB3 server implementation. The issue involves a non-constant-time MAC comparison in authentication code, which could potentially allow timing attacks. Microsoft's Security Update Guide references this vulnerability, and it has been addressed through fixes in recent Linux kernels and downstream distributions. Discussions on WindowsForum cover the technical details of why constant-time MAC checks are important for SMB security, the nature of the flaw, and the broader context of ongoing security improvements in ksmbd.
CVE-2026-23364 in ksmbd: why a constant-time MAC comparison matters more than it sounds
A new CVE-2026-23364 entry tied to ksmbd, the Linux kernel’s SMB3 server implementation, highlights a security property that can look minor at first glance but matters deeply in authentication code: comparing...