CVE-2026-23247
Analyzed - Analysis Complete
Off-Path TCP Source Port Leakage in Linux Kernel via SYN Cookie Side-Channel

Publication date: 2026-03-18

Last updated on: 2026-05-21

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

tcp: secure_seq: add back ports to TS offset

This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets")

tcp_tw_recycle went away in 2017.

Zhouyan Deng reported off-path TCP source port leakage via SYN cookie side-channel that can be fixed in multiple ways.

One of them is to bring back TCP ports in TS offset randomization.

As a bonus, we perform a single siphash() computation to provide both an ISN and a TS offset.
Meta Information
Published: 2026-03-18
Last Modified: 2026-05-21
Generated: 2026-06-16
AI Q&A: 2026-03-18
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 4.11
linux linux_kernel 4.11
linux linux_kernel 4.10.14
linux linux_kernel 4.11
linux linux_kernel 4.11
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 4.11 (exc) to 6.18.17 (exc)
CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability involves an off-path TCP source port leakage via a SYN cookie side-channel in the Linux kernel's TCP implementation.

The issue lies in how TCP timestamp (TS) offsets are randomized: commit 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets") had removed the TCP ports from the TS offset, and tcp_tw_recycle went away in 2017.

To fix this, the Linux kernel reverted commit 28ee1b746f49 and added the TCP ports back into the TS offset randomization, which prevents the leakage.

Additionally, a single siphash() computation is now used to provide both an Initial Sequence Number (ISN) and a timestamp offset.
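
The change described above, modeled in user-space C as an added example (not kernel code and not part of the original advisory). The names `old_model` and `new_model`, the keys and the addresses are constructed for illustration; the split of the 64-bit hash into ISN and TS offset is an assumption, and the clock component the kernel adds to the ISN is omitted.

```c
#include <stdint.h>
#include <stdio.h>

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

/* SipHash-2-4 over n whole 64-bit words, keyed with a 128-bit secret k. */
static uint64_t siphash_words(const uint64_t *m, int n, const uint64_t k[2])
{
    uint64_t v0 = k[0] ^ 0x736f6d6570736575ULL, v1 = k[1] ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k[0] ^ 0x6c7967656e657261ULL, v3 = k[1] ^ 0x7465646279746573ULL;
    uint64_t b = (uint64_t)(n * 8) << 56;            /* message length in bytes */
    for (int i = 0; i < n; i++) { v3 ^= m[i]; SIPROUND; SIPROUND; v0 ^= m[i]; }
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Constructed demo secrets; a real stack draws these at random. */
static const uint64_t K_SEQ[2] = { 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL };
static const uint64_t K_TS[2]  = { 0x1716151413121110ULL, 0x1f1e1d1c1b1a1918ULL };
struct seq_ts { uint32_t isn; uint32_t ts_off; };

/* Per-host model: ISN hashed over the 4-tuple, TS offset over addresses only. */
struct seq_ts old_model(uint32_t saddr, uint32_t daddr, uint16_t sport, uint16_t dport)
{
    uint64_t a = ((uint64_t)saddr << 32) | daddr, p = ((uint64_t)sport << 16) | dport;
    uint64_t m[2] = { a, p };
    struct seq_ts r = { (uint32_t)siphash_words(m, 2, K_SEQ), (uint32_t)siphash_words(&a, 1, K_TS) };
    return r;
}

/* Ports added back: one hash over the 4-tuple yields both ISN and TS offset. */
struct seq_ts new_model(uint32_t saddr, uint32_t daddr, uint16_t sport, uint16_t dport)
{
    uint64_t m[2] = { ((uint64_t)saddr << 32) | daddr, ((uint64_t)sport << 16) | dport };
    uint64_t h = siphash_words(m, 2, K_SEQ);
    struct seq_ts r = { (uint32_t)h, (uint32_t)(h >> 32) };
    return r;
}

int main(void)
{
    for (uint16_t sp = 40000; sp < 40003; sp++)      /* constructed 4-tuples */
        printf("sport %u: per-host ts_off %08x, per-connection ts_off %08x\n", (unsigned)sp,
               old_model(0xc0000201, 0xc6336407, sp, 443).ts_off, new_model(0xc0000201, 0xc6336407, sp, 443).ts_off);
    return 0;
}
```

In the per-host model every connection between the same two addresses shares one TS offset regardless of source port; with the ports in the hash input, each connection gets its own.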

Impact Analysis

This vulnerability could allow an off-path attacker to learn TCP source port information through a side channel and so infer connection details.

Such leakage can be used to facilitate further attacks on TCP connections, such as spoofing or hijacking sessions, compromising network security.
