FKIE_CVE-2026-23247

Vulnerability from fkie_nvd - Published: 2026-03-18 11:16 - Updated: 2026-03-18 14:52
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets") tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie side-channel that can be fixed in multiple ways. One of them is to bring back TCP ports in TS offset randomization. As a bonus, we perform a single siphash() computation to provide both an ISN and a TS offset.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/165573e41f2f66ef98940cf65f838b2cb575d9d1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/46e5b0d7cf55821527adea471ffe52a5afbd9caf
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: secure_seq: add back ports to TS offset\n\nThis reverts 28ee1b746f49 (\"secure_seq: downgrade to per-host timestamp offsets\")\n\ntcp_tw_recycle went away in 2017.\n\nZhouyan Deng reported off-path TCP source port leakage via\nSYN cookie side-channel that can be fixed in multiple ways.\n\nOne of them is to bring back TCP ports in TS offset randomization.\n\nAs a bonus, we perform a single siphash() computation\nto provide both an ISN and a TS offset."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ntcp: secure_seq: a\u00f1adir de nuevo puertos al desplazamiento TS\n\nEsto revierte 28ee1b746f49 (\u0027secure_seq: degradar a desplazamientos de marca de tiempo por host\u0027)\n\ntcp_tw_recycle desapareci\u00f3 en 2017.\n\nZhouyan Deng inform\u00f3 de una fuga de puerto de origen TCP fuera de ruta a trav\u00e9s de un canal lateral de SYN cookie que se puede solucionar de m\u00faltiples maneras.\n\nUna de ellas es traer de vuelta los puertos TCP en la aleatorizaci\u00f3n del desplazamiento TS.\n\nComo ventaja adicional, realizamos un \u00fanico c\u00e1lculo de siphash() para proporcionar tanto un ISN como un desplazamiento TS."
    }
  ],
  "id": "CVE-2026-23247",
  "lastModified": "2026-03-18T14:52:44.227",
  "metrics": {},
  "published": "2026-03-18T11:16:16.723",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/165573e41f2f66ef98940cf65f838b2cb575d9d1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/46e5b0d7cf55821527adea471ffe52a5afbd9caf"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.