CVE-2026-23247
Off-Path TCP Source Port Leakage in Linux Kernel via SYN Cookie Side-Channel
Publication date: 2026-03-18
Last updated on: 2026-03-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an off-path TCP source port leakage via a SYN cookie side-channel in the Linux kernel's TCP implementation.
The issue was related to the way TCP timestamp offsets were handled, specifically after the removal of tcp_tw_recycle in 2017.
To fix this, the Linux kernel reverted a previous change and added back ports to the TCP timestamp offset randomization, improving security by preventing the leakage.
Additionally, a single siphash() computation is now used to provide both an Initial Sequence Number (ISN) and a timestamp offset.
How can this vulnerability impact me? :
This vulnerability could allow an attacker to leak TCP source port information via a side-channel attack, potentially enabling off-path attackers to infer connection details.
Such leakage can be used to facilitate further attacks on TCP connections, such as spoofing or hijacking sessions, compromising network security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know