CVE-2025-40204

Linux Kernel - Timing Attack via SCTP MAC Comparison

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

Scores

EPSS 0.0019
EPSS Percentile 9.1%

Details

Status published
Products (25)
linux/Kernel 2.6.12 - 5.4.301linux
linux/Kernel 5.11.0 - 5.15.195linux
linux/Kernel 5.16.0 - 6.1.157linux
linux/Kernel 5.5.0 - 5.10.246linux
linux/Kernel 6.13.0 - 6.17.4linux
linux/Kernel 6.2.0 - 6.6.113linux
linux/Kernel 6.7.0 - 6.12.54linux
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 0b32ff285ff6f6f1ac1d9495787ccce8837d6405
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 0e8b8c326c2a6de4d837b1bb034ea704f4690d77
... and 15 more
Published Nov 12, 2025
Tracked Since Feb 18, 2026