CVE-2026-23247

Published: Mar 18, 2026

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets") tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie side-channel that can be fixed in multiple ways. One of them is to bring back TCP ports in TS offset randomization. As a bonus, we perform a single siphash() computation to provide both an ISN and a TS offset.

Vendor	Product	Versions
Linux	Linux	affected `28ee1b746f493b7c62347d714f58fbf4f70df4f0 - < eae2f14ab2efccdb7480fae7d42c4b0116ef8805` affected `28ee1b746f493b7c62347d714f58fbf4f70df4f0 - < 46e5b0d7cf55821527adea471ffe52a5afbd9caf` affected `28ee1b746f493b7c62347d714f58fbf4f70df4f0 - < 165573e41f2f66ef98940cf65f838b2cb575d9d1` affected `443fac9f2618b93cbc5ab068dc594530236b3a23` affected `4.10.14 - < 4.11`
Linux	Linux	affected `4.11` unaffected `0 - < 4.11` unaffected `6.18.17 - <= 6.18.` unaffected `6.19.7 - <= 6.19.` unaffected `7.0 - <= *`

References

https://git.kernel.org/stable/c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805

https://git.kernel.org/stable/c/46e5b0d7cf55821527adea471ffe52a5afbd9caf

https://git.kernel.org/stable/c/165573e41f2f66ef98940cf65f838b2cb575d9d1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-23247

Description

Affected Products

References