Medium severity5.5NVD Advisory· Published Mar 18, 2026· Updated May 21, 2026
CVE-2026-23247
CVE-2026-23247
Description
In the Linux kernel, the following vulnerability has been resolved:
tcp: secure_seq: add back ports to TS offset
This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets")
tcp_tw_recycle went away in 2017.
Zhouyan Deng reported off-path TCP source port leakage via SYN cookie side-channel that can be fixed in multiple ways.
One of them is to bring back TCP ports in TS offset randomization.
As a bonus, we perform a single siphash() computation to provide both an ISN and a TS offset.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >4.11,<6.18.17
- cpe:2.3:o:linux:linux_kernel:4.10.14:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.11:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.11:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.11:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.11:rc8:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- (no CPE)range: >= 4.12
- (no CPE)range: 4.11
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.