In the Linux kernel, the following vulnerability has been resolved:

tcp: secure_seq: add back ports to TS offset

This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets")

tcp_tw_recycle went away in 2017.

Zhouyan Deng reported off-path TCP source port leakage via
SYN cookie side-channel that can be fixed in multiple ways.

One of them is to bring back TCP ports in TS offset randomization.

As a bonus, we perform a single siphash() computation
to provide both an ISN and a TS offset.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
28ee1b746f493b7c62347d714f58fbf4f70df4f0 affected
< eae2f14ab2efccdb7480fae7d42c4b0116ef8805
28ee1b746f493b7c62347d714f58fbf4f70df4f0 affected
< 46e5b0d7cf55821527adea471ffe52a5afbd9caf
28ee1b746f493b7c62347d714f58fbf4f70df4f0 affected
< 165573e41f2f66ef98940cf65f838b2cb575d9d1
443fac9f2618b93cbc5ab068dc594530236b3a23 affected
Linux Linux affected
Version Status Constraints
4.11 affected
0 unaffected
< 4.11
6.18.17 unaffected
≤ 6.18.*
6.19.7 unaffected
≤ 6.19.*
7.0-rc3 unaffected
≤ *

No data.

No data.

Vendor Product Confidence Versions
Linux Linux Kernel 99%
Version Status Scheme Platform
[28ee1b746f493b7c62347d714f58fbf4f70df4f0,eae2f14ab2efccdb7480fae7d42c4b0116ef8805)
 affected code_commit
[28ee1b746f493b7c62347d714f58fbf4f70df4f0,46e5b0d7cf55821527adea471ffe52a5afbd9caf)
 affected code_commit
[28ee1b746f493b7c62347d714f58fbf4f70df4f0,165573e41f2f66ef98940cf65f838b2cb575d9d1)
 affected code_commit
443fac9f2618b93cbc5ab068dc594530236b3a23
 affected code_commit
Linux Linux Kernel 99%
Version Status Scheme Platform
4.11
 affected generic
[0,4.11)
 unaffected generic
[6.18.17,6.19.0)
 unaffected semver
[6.19.7,6.20.0)
 unaffected semver
[7.0-rc3,*]
 unaffected generic

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/165573e41f2f66ef98940cf65f838b2cb575d9d1 cve-icon cve-icon
https://git.kernel.org/stable/c/46e5b0d7cf55821527adea471ffe52a5afbd9caf cve-icon cve-icon
https://git.kernel.org/stable/c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805 cve-icon cve-icon
History

Wed, 18 Mar 2026 10:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets") tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie side-channel that can be fixed in multiple ways. One of them is to bring back TCP ports in TS offset randomization. As a bonus, we perform a single siphash() computation to provide both an ISN and a TS offset.
Title tcp: secure_seq: add back ports to TS offset
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-03-18T10:05:09.353Z

Reserved: 2026-01-13T15:37:45.989Z

Link: CVE-2026-23247

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-18T11:16:16.723

Modified: 2026-03-18T14:52:44.227

Link: CVE-2026-23247

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-18T12:12:45Z

Weaknesses

No weakness.