Description

In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets") tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie side-channel that can be fixed in multiple ways. One of them is to bring back TCP ports in TS offset randomization. As a bonus, we perform a single siphash() computation to provide both an ISN and a TS offset.

INFO

Published Date :

2026-03-18T10:05:09.353Z

Last Modified :

2026-04-13T06:03:04.908Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23247 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23247.

URL Resource
https://git.kernel.org/stable/c/165573e41f2f66ef98940cf65f838b2cb575d9d1 cve-icon cve-icon
https://git.kernel.org/stable/c/46e5b0d7cf55821527adea471ffe52a5afbd9caf cve-icon cve-icon
https://git.kernel.org/stable/c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23247-07b3@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23247 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23247 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact