CVE-2026-43384 Overview
CVE-2026-43384 is a timing side-channel vulnerability in the Linux kernel's TCP Authentication Option (TCP-AO) implementation. The flaw resides in the Message Authentication Code (MAC) comparison routine within net/tcp-ao, which used a short-circuiting byte-by-byte comparison instead of a constant-time helper. An attacker measuring response latency across many probes can infer valid MAC bytes and forge authenticated TCP segments. The kernel maintainers resolved the issue by replacing the variable-time comparison with the constant-time helper function appropriate for cryptographic equality checks.
Critical Impact
Remote attackers may recover or forge TCP-AO MAC values through timing analysis, undermining the authenticity guarantees TCP-AO is designed to provide for BGP and other long-lived TCP sessions.
Affected Products
- Linux kernel versions implementing TCP-AO (net/tcp-ao) prior to the upstream fix
- Linux stable branches addressed by commits 080b0e21, 67edfec5, 8be6ed64, and a269cbdc
- Distributions and appliances shipping vulnerable kernels with TCP-AO enabled
Discovery Timeline
- 2026-05-08 - CVE-2026-43384 published to NVD
- 2026-05-12 - Last updated in NVD database
Technical Details for CVE-2026-43384
Vulnerability Analysis
TCP-AO, defined in RFC 5925, authenticates TCP segments using a keyed MAC carried in a dedicated TCP option. The receiving stack computes the expected MAC and compares it to the value supplied by the peer. The vulnerable code path in net/tcp-ao used a comparison routine whose execution time varied based on how many leading bytes matched. This is a classic timing side channel [CWE-208].
An attacker who can send TCP segments to a TCP-AO protected endpoint and observe responses, retransmissions, or RST behavior can use statistical timing analysis to deduce the correct MAC byte-by-byte. Once a valid MAC is recovered, the attacker can inject authenticated segments into long-lived sessions such as BGP peering, breaking the integrity and authenticity properties TCP-AO is meant to guarantee.
Root Cause
The root cause is the use of a non-constant-time memory comparison for cryptographic equality. Standard comparison routines short-circuit on the first mismatched byte, leaking partial information about the expected MAC through execution time. Cryptographic code must use a constant-time helper that always processes all bytes regardless of where mismatches occur.
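As an added illustration of this root cause (example code written for this page, not the kernel's code and not part of the original advisory), the following user-space C program places a variable-time MAC comparison of the kind described above beside a constant-time one, and counts how many bytes each routine inspects for guesses that share a growing number of leading bytes with the expected MAC. The sample MAC is constructed; its 12-byte length matches the HMAC-SHA-1-96 and AES-128-CMAC-96 algorithms of RFC 5926. The kernel's own constant-time helper is crypto_memneq(); the advisory does not name which helper the fix uses, so mac_compare_ct() below is a stand-in with the same return convention (0 on match), not the kernel's implementation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TCP-AO MAC length for the RFC 5926 algorithms (HMAC-SHA-1-96, AES-128-CMAC-96). */
#define MAC_LEN 12

/* Constructed sample "expected MAC" for the demonstration; not a real capture. */
static const uint8_t SAMPLE_MAC[MAC_LEN] = {
    0x4a, 0x7f, 0x01, 0x9c, 0xde, 0x22, 0x10, 0x55, 0xab, 0x03, 0xe7, 0x8d
};

/* Variable-time comparison, the pattern the advisory describes: returns 0 on a
 * match and 1 otherwise, and reports through *inspected how many bytes it read
 * before deciding. The early return on the first mismatch is the side channel:
 * a guess whose leading bytes are right is rejected later than one that is
 * wrong at byte 0, and that difference shows up in response timing. */
int mac_compare_vt(const uint8_t *expected, const uint8_t *supplied, size_t len,
                   size_t *inspected)
{
    for (size_t i = 0; i < len; i++) {
        if (expected[i] != supplied[i]) {
            *inspected = i + 1;
            return 1;
        }
    }
    *inspected = len;
    return 0;
}

/* Constant-time comparison in the style of the kernel's crypto_memneq(): OR the
 * XOR of every byte pair into an accumulator and reduce it only after the loop,
 * so every call touches all len bytes and takes no data-dependent branch.
 * Returns 0 on a match and 1 otherwise. */
int mac_compare_ct(const uint8_t *expected, const uint8_t *supplied, size_t len,
                   size_t *inspected)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= expected[i] ^ supplied[i];
    *inspected = len;
    /* Branch-free fold of diff to 0 (all bytes equal) or 1 (any byte differs):
     * for nonzero diff, 0u - diff has its top bit set. */
    return (int)(((unsigned)diff | (0u - (unsigned)diff)) >> (sizeof(unsigned) * 8 - 1));
}

/* Build a guess that shares `prefix` leading bytes with SAMPLE_MAC and differs
 * at every later byte. */
static void make_guess(uint8_t *guess, size_t prefix)
{
    for (size_t i = 0; i < MAC_LEN; i++)
        guess[i] = i < prefix ? SAMPLE_MAC[i] : (uint8_t)~SAMPLE_MAC[i];
}

/* Bytes the variable-time routine reads for a guess with `prefix` correct bytes. */
size_t vt_bytes_inspected(size_t prefix)
{
    uint8_t guess[MAC_LEN];
    size_t n;
    make_guess(guess, prefix);
    mac_compare_vt(SAMPLE_MAC, guess, MAC_LEN, &n);
    return n;
}

/* Bytes the constant-time routine reads for the same guess: always MAC_LEN. */
size_t ct_bytes_inspected(size_t prefix)
{
    uint8_t guess[MAC_LEN];
    size_t n;
    make_guess(guess, prefix);
    mac_compare_ct(SAMPLE_MAC, guess, MAC_LEN, &n);
    return n;
}

/* Verdict of the constant-time routine: 0 only when all MAC_LEN bytes match. */
int ct_result(size_t prefix)
{
    uint8_t guess[MAC_LEN];
    size_t n;
    make_guess(guess, prefix);
    return mac_compare_ct(SAMPLE_MAC, guess, MAC_LEN, &n);
}

int main(void)
{
    printf("prefix  variable-time bytes  constant-time bytes\n");
    for (size_t p = 0; p <= MAC_LEN; p++)
        printf("%6zu  %19zu  %19zu\n", p, vt_bytes_inspected(p), ct_bytes_inspected(p));
    return 0;
}
```

Running it prints one row per prefix length: the variable-time column grows by one byte for each correct leading byte, which is exactly the information a remote timing measurement recovers, while the constant-time column stays at 12 for every guess.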
Attack Vector
The attack is network-based and requires no authentication or user interaction. An attacker sends crafted TCP segments containing guessed MAC values to a target with TCP-AO enabled. By measuring response timing across many trials, the attacker progressively narrows correct MAC bytes. The attack is most practical against systems where the attacker has stable network latency to the target, such as adjacent network segments or peering links.
The upstream patch replaces the variable-time comparison with the kernel's constant-time MAC equality helper. Refer to the Linux kernel commit 67edfec5 for the canonical fix.
Detection Methods for CVE-2026-43384
Indicators of Compromise
- Unusually high volumes of TCP segments to TCP-AO protected ports (BGP port 179, custom services) from a single source
- Repeated TCP segments with varying TCP-AO option MAC values targeting the same connection tuple
- Unexpected session resets or route flaps on BGP peers using TCP-AO
Detection Strategies
- Compare running kernel versions against the releases that carry the fixing commits and flag hosts on pre-fix builds with TCP-AO enabled
- Correlate packet captures on routing infrastructure for high-rate probing patterns against TCP-AO sessions
- Alert on anomalous variance in TCP-AO authentication failures recorded by TCPAOBad and TCPAOKeyNotFound SNMP counters in /proc/net/netstat
Monitoring Recommendations
- Track per-peer TCP-AO failure counters and trigger thresholds when failure rates spike
- Log and review BGP session state transitions for unexpected resets that may indicate forged segment injection
- Monitor network telemetry for sustained low-rate probing consistent with timing-attack data collection
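The counter-based detection strategy above and the failure-rate threshold in the monitoring recommendations can be implemented by sampling /proc/net/netstat, whose TcpExt section stores counter names on one line and their values on the next. The C program below is an added example written for this page, not code from the advisory or from any monitoring product: it parses two snapshots, computes the TCPAOBad and TCPAOKeyNotFound deltas, and raises an alert when the failure rate over the sampling interval exceeds a threshold. The snapshots are constructed and abbreviated (a real TcpExt line carries many more counters), and the 60-second interval and 5-per-second threshold are assumed values to be tuned per peer population.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, abbreviated /proc/net/netstat snapshots taken 60 s apart on a
 * hypothetical TCP-AO host. The layout matches the real file: a line of names,
 * then a line of values, per section. */
static const char SNAPSHOT_T0[] =
    "TcpExt: SyncookiesSent SyncookiesRecv TCPAOGood TCPAOBad TCPAOKeyNotFound TCPAORequired TCPAODroppedIcmps\n"
    "TcpExt: 0 0 120044 3 0 0 0\n"
    "IpExt: InNoRoutes InTruncatedPkts\n"
    "IpExt: 0 0\n";
static const char SNAPSHOT_T1[] =
    "TcpExt: SyncookiesSent SyncookiesRecv TCPAOGood TCPAOBad TCPAOKeyNotFound TCPAORequired TCPAODroppedIcmps\n"
    "TcpExt: 0 0 120190 4519 0 0 0\n"
    "IpExt: InNoRoutes InTruncatedPkts\n"
    "IpExt: 0 0\n";

/* Return a pointer just past "Section:" on the nth (0 = names, 1 = values)
 * line of the given section, or NULL if the section is absent. */
static const char *section_line(const char *buf, const char *section, int nth)
{
    size_t seclen = strlen(section);
    int seen = 0;
    for (const char *line = buf; *line; ) {
        if (strncmp(line, section, seclen) == 0 && line[seclen] == ':' && seen++ == nth)
            return line + seclen + 1;
        const char *eol = strchr(line, '\n');
        if (!eol) break;
        line = eol + 1;
    }
    return NULL;
}

/* Whitespace-delimited tokenizer that stops at the end of the current line. */
static const char *next_tok(const char **p, size_t *len)
{
    const char *s = *p + strspn(*p, " \t");
    if (*s == '\0' || *s == '\n') return NULL;
    *len = strcspn(s, " \t\n");
    *p = s + *len;
    return s;
}

/* Look up counter `name` in `section` (for example "TcpExt") of a snapshot.
 * Returns the value, or -1 if the section or counter is missing, which on a
 * live host means the kernel exposes no TCP-AO counters at all. */
long long netstat_counter(const char *buf, const char *section, const char *name)
{
    const char *h = section_line(buf, section, 0);
    const char *v = section_line(buf, section, 1);
    const char *ht, *vt;
    size_t hl, vl, nl = strlen(name);
    if (!h || !v) return -1;
    /* Names and values are positional: walk both lines in lockstep. */
    while ((ht = next_tok(&h, &hl)) && (vt = next_tok(&v, &vl)))
        if (hl == nl && strncmp(ht, name, nl) == 0)
            return strtoll(vt, NULL, 10);
    return -1;
}

/* TCP-AO authentication failures (TCPAOBad + TCPAOKeyNotFound) accrued between
 * two snapshots, or -1 if either snapshot lacks the counters. */
long long tcp_ao_failures_between(const char *before, const char *after)
{
    static const char *const names[] = { "TCPAOBad", "TCPAOKeyNotFound" };
    long long total = 0;
    for (size_t i = 0; i < 2; i++) {
        long long b = netstat_counter(before, "TcpExt", names[i]);
        long long a = netstat_counter(after, "TcpExt", names[i]);
        if (b < 0 || a < 0) return -1;
        total += a - b;
    }
    return total;
}

/* Threshold check: 1 if the failure rate over interval_s exceeds
 * threshold_per_s, 0 if not, -1 if the counters are unavailable. These
 * counters are per network namespace, not per peer; attributing a spike to a
 * specific BGP neighbour needs the routing daemon's session logs as well. */
int tcp_ao_alert(const char *before, const char *after, double interval_s,
                 double threshold_per_s)
{
    long long failures = tcp_ao_failures_between(before, after);
    if (failures < 0) return -1;
    return (double)failures / interval_s > threshold_per_s;
}

int main(void)
{
    printf("TCP-AO failures in 60 s: %lld, alert (>5/s): %d\n",
           tcp_ao_failures_between(SNAPSHOT_T0, SNAPSHOT_T1),
           tcp_ao_alert(SNAPSHOT_T0, SNAPSHOT_T1, 60.0, 5.0));
    return 0;
}
```

In production the two snapshot strings would be the contents of /proc/net/netstat read at the start and end of each sampling interval; the -1 result is worth alerting on separately, since a host that reports no TCPAOBad counter is either not running TCP-AO or running a kernel build without it.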
How to Mitigate CVE-2026-43384
Immediate Actions Required
- Inventory all Linux hosts and network appliances that have TCP-AO enabled, particularly BGP routers and route reflectors
- Apply distribution kernel updates that incorporate the upstream constant-time MAC comparison fix
- Where patching is delayed, restrict reachability to TCP-AO listeners using infrastructure ACLs and peer allowlists
Patch Information
The vulnerability is resolved in the Linux stable trees by the following commits: 080b0e21, 67edfec5, 8be6ed64, and a269cbdc. Rebuild custom kernels from a fixed tag or install vendor kernel packages that backport these commits.
Workarounds
- Apply strict source-address filtering on routers and hosts so only known peers can reach TCP-AO protected ports
- Use IPsec or out-of-band cryptographic transport for sensitive sessions until the kernel patch is deployed
- Increase rate limiting on TCP segments destined to TCP-AO listeners to reduce the feasibility of timing measurements
# Check the running kernel against your distribution's fixed package version
# (the version string alone does not prove the fix is present; compare it with the vendor advisory)
uname -r
# Read the TCP-AO counters: /proc/net/netstat keeps the names on one TcpExt line and the
# values on the next, so pair them with awk rather than grepping the header line
awk '/^TcpExt:/ { if (!h) { split($0, hdr); h = 1 } else { for (i = 2; i <= NF; i++) if (hdr[i] ~ /^TCPAO/) print hdr[i], $i } }' /proc/net/netstat
# Restrict access to BGP/TCP-AO listeners to known peers (example with nftables; assumes an
# existing "inet filter" table with an "input" chain, uses documentation-range addresses as
# placeholders for the real peers, and needs a matching "ip6 saddr" rule for IPv6 peers)
nft add rule inet filter input tcp dport 179 ip saddr != { 192.0.2.1, 198.51.100.1 } drop
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.