CVE-2025-40204

Summary

In the Linux kernel, the following vulnerability has been resolved:

sctp: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b93fa8dc521d00d2d44bf034fb90e0d79b036617affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0e8b8c326c2a6de4d837b1bb034ea704f4690d77affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1cd60e0d0fb8f0e62ec4499138afce6342dc9d4caffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9c05d44ec24126fc283835b68f82dba3ae985209affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ed3044b9c810c5c24eb2830053fbfe5fd134c5d4affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8019b3699289fce3f10b63f98601db97b8d105b0affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0b32ff285ff6f6f1ac1d9495787ccce8837d6405affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < dd91c79e4f58fbe2898dac84858033700e0e99fbaffected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux5.4.301 <= 5.4.*unaffected
LinuxLinux5.10.246 <= 5.10.*unaffected
LinuxLinux5.15.195 <= 5.15.*unaffected
LinuxLinux6.1.157 <= 6.1.*unaffected
LinuxLinux6.6.113 <= 6.6.*unaffected
LinuxLinux6.12.54 <= 6.12.*unaffected
LinuxLinux6.17.4 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References