CVE-2026-23247 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets") tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie side-channel that can be fixed in multiple ways. One of them is to bring back TCP ports in TS offset randomization. As a bonus, we perform a single siphash() computation to provide both an ISN and a TS offset.

PUBLISHED Reserved 2026-01-13 | Published 2026-03-18 | Updated 2026-04-13 | Assigner Linux

Product status

Default status

unaffected

28ee1b746f493b7c62347d714f58fbf4f70df4f0 (git) before eae2f14ab2efccdb7480fae7d42c4b0116ef8805

affected

28ee1b746f493b7c62347d714f58fbf4f70df4f0 (git) before 46e5b0d7cf55821527adea471ffe52a5afbd9caf

affected

28ee1b746f493b7c62347d714f58fbf4f70df4f0 (git) before 165573e41f2f66ef98940cf65f838b2cb575d9d1

affected

443fac9f2618b93cbc5ab068dc594530236b3a23 (git)

affected

Default status

affected

4.11

affected

Any version before 4.11

unaffected

6.18.17 (semver)

unaffected

6.19.7 (semver)

unaffected

7.0 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805

git.kernel.org/...c/46e5b0d7cf55821527adea471ffe52a5afbd9caf

git.kernel.org/...c/165573e41f2f66ef98940cf65f838b2cb575d9d1

cve.org (CVE-2026-23247)

nvd.nist.gov (CVE-2026-23247)

Download JSON

help @ threatint.eu