Linux Kernel TCP-MD5 Timing Attack Vulnerability Mitigated by Constant-Time MAC Comparison

A vulnerability in the Linux kernel's TCP MD5 signature option implementation has been addressed. The issue was related to MAC (Message Authentication Code) comparisons, which were not performed in constant time, potentially allowing for timing attacks. This vulnerability affected the TCP MD5 signature option support in RFC2385, particularly in BGP (Border Gateway Protocol) sessions between core routers. The vulnerability has been resolved by modifying the MAC comparison to be constant-time, using an appropriate helper function. The fix is included in the Linux kernel stable tree.

Impact

The vulnerability could have allowed for timing attacks by manipulating the timing of MAC comparisons, potentially leading to the exploitation of the TCP MD5 signature option support.

Reproduction

The vulnerability could be reproduced by enabling the TCP MD5 signature option in a BGP session between routers. The timing attack could then be executed by manipulating the timing of the MD5 hash comparisons, taking advantage of the non-constant-time behavior to infer information about the hash values being compared.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed.