CVE-2026-23247
Analyzed Analyzed - Analysis Complete

Off-Path TCP Source Port Leakage in Linux Kernel via SYN Cookie Side-Channel

Vulnerability report for CVE-2026-23247, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-18

Last updated on: 2026-06-19

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets") tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie side-channel that can be fixed in multiple ways. One of them is to bring back TCP ports in TS offset randomization. As a bonus, we perform a single siphash() computation to provide both an ISN and a TS offset.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-18
Last Modified
2026-06-19
Generated
2026-07-07
AI Q&A
2026-03-18
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 4.11
linux linux_kernel 4.11
linux linux_kernel 4.10.14
linux linux_kernel 4.11
linux linux_kernel 4.11
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 4.11 (exc) to 6.18.17 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves an off-path TCP source port leakage via a SYN cookie side-channel in the Linux kernel's TCP implementation.

The issue was related to the way TCP timestamp offsets were handled, specifically after the removal of tcp_tw_recycle in 2017.

To fix this, the Linux kernel reverted a previous change and added back ports to the TCP timestamp offset randomization, improving security by preventing the leakage.

Additionally, a single siphash() computation is now used to provide both an Initial Sequence Number (ISN) and a timestamp offset.

Impact Analysis

This vulnerability could allow an attacker to leak TCP source port information via a side-channel attack, potentially enabling off-path attackers to infer connection details.

Such leakage can be used to facilitate further attacks on TCP connections, such as spoofing or hijacking sessions, compromising network security.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23247. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart