CVE-2026-23247 PUBLISHED

tcp: secure_seq: add back ports to TS offset

Assigner: Linux
Reserved: 13.01.2026 Published: 18.03.2026 Updated: 18.03.2026

In the Linux kernel, the following vulnerability has been resolved:

tcp: secure_seq: add back ports to TS offset

This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets")

tcp_tw_recycle went away in 2017.

Zhouyan Deng reported off-path TCP source port leakage via a SYN cookie side-channel, which can be fixed in multiple ways.

One of them is to bring back TCP ports in TS offset randomization.

As a bonus, we perform a single siphash() computation to provide both an ISN and a TS offset.
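The difference between a per-host and a per-connection timestamp offset, with one keyed hash supplying both the ISN and the TS offset, shown as an added example that is not the kernel's code or part of the commit. The names `sip64`, `ts_off_per_host` and `seq_and_ts_off`, the key, the addresses and the way the 64-bit hash is split are assumptions made for illustration, and the clock term the kernel adds to the ISN is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 128-bit key; a real stack uses a random secret generated at boot. */
static const uint64_t KEY[2] = { 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL };

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

/* SipHash-2-4 over n whole 64-bit words (message length n * 8 bytes). */
static uint64_t sip64(const uint64_t *m, unsigned n)
{
    uint64_t v0 = KEY[0] ^ 0x736f6d6570736575ULL, v1 = KEY[1] ^ 0x646f72616e646f6dULL;
    uint64_t v2 = KEY[0] ^ 0x6c7967656e657261ULL, v3 = KEY[1] ^ 0x7465646279746573ULL;
    uint64_t b = (uint64_t)(n * 8) << 56;       /* final block: length byte only */
    for (unsigned i = 0; i < n; i++) {
        v3 ^= m[i]; SIPROUND; SIPROUND; v0 ^= m[i];
    }
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Per-host offset: ports are not an input, so every connection between
 * the same two addresses gets the same timestamp offset. */
static uint32_t ts_off_per_host(uint32_t saddr, uint32_t daddr)
{
    uint64_t m[1] = { ((uint64_t)saddr << 32) | daddr };
    return (uint32_t)sip64(m, 1);
}

struct seq_ts { uint32_t isn; uint32_t ts_off; };

/* Per-connection: one hash over the full 4-tuple, low half used as the
 * ISN and high half as the TS offset (the split is an assumption here). */
static struct seq_ts seq_and_ts_off(uint32_t saddr, uint32_t daddr,
                                    uint16_t sport, uint16_t dport)
{
    uint64_t m[2] = { ((uint64_t)saddr << 32) | daddr,
                      ((uint64_t)sport << 16) | dport };
    uint64_t h = sip64(m, 2);
    struct seq_ts r = { (uint32_t)h, (uint32_t)(h >> 32) };
    return r;
}

int main(void)
{
    const uint32_t c = 0xC0000201, s = 0xC6336407; /* 192.0.2.1, 198.51.100.7 (constructed) */
    for (uint16_t sport = 40000; sport < 40003; sport++) {
        struct seq_ts r = seq_and_ts_off(c, s, sport, 443);
        printf("sport %u  per-host ts_off %08x  per-conn ts_off %08x  isn %08x\n",
               (unsigned)sport, (unsigned)ts_off_per_host(c, s),
               (unsigned)r.ts_off, (unsigned)r.isn);
    }
    return 0;
}
```

The per-host column prints the same value on every row, while the per-connection offset and ISN change with the source port.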

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 28ee1b746f493b7c62347d714f58fbf4f70df4f0 to eae2f14ab2efccdb7480fae7d42c4b0116ef8805 (excl.)
  • affected from 28ee1b746f493b7c62347d714f58fbf4f70df4f0 to 46e5b0d7cf55821527adea471ffe52a5afbd9caf (excl.)
  • affected from 28ee1b746f493b7c62347d714f58fbf4f70df4f0 to 165573e41f2f66ef98940cf65f838b2cb575d9d1 (excl.)
  • Version 443fac9f2618b93cbc5ab068dc594530236b3a23 is affected
Vendor Linux
Product Linux
Versions Default: affected
  • Version 4.11 is affected
  • unaffected from 0 to 4.11 (excl.)
  • unaffected from 6.18.17 to 6.18.* (incl.)
  • unaffected from 6.19.7 to 6.19.* (incl.)
  • unaffected from 7.0-rc3 to * (incl.)
