CVE-2026-23247
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: secure_seq: add back ports to TS offset
This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets")
tcp_tw_recycle went away in 2017.
Zhouyan Deng reported off-path TCP source port leakage via SYN cookie side-channel that can be fixed in multiple ways.
One of them is to bring back TCP ports in TS offset randomization.
As a bonus, we perform a single siphash() computation to provide both an ISN and a TS offset.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 28ee1b746f493b7c62347d714f58fbf4f70df4f0 < 5da5662181ef8a251e3ba564903002c2e87de452 | affected |
| Linux | Linux | 28ee1b746f493b7c62347d714f58fbf4f70df4f0 < eae2f14ab2efccdb7480fae7d42c4b0116ef8805 | affected |
| Linux | Linux | 28ee1b746f493b7c62347d714f58fbf4f70df4f0 < 46e5b0d7cf55821527adea471ffe52a5afbd9caf | affected |
| Linux | Linux | 28ee1b746f493b7c62347d714f58fbf4f70df4f0 < 165573e41f2f66ef98940cf65f838b2cb575d9d1 | affected |
| Linux | Linux | 443fac9f2618b93cbc5ab068dc594530236b3a23 | affected |
| Linux | Linux | 4.10.14 < 4.11 | affected |
| Linux | Linux | 4.11 | affected |
| Linux | Linux | 0 < 4.11 | unaffected |
| Linux | Linux | 6.12.94 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.17 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.7 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/5da5662181ef8a251e3ba564903002c2e87de452
- https://git.kernel.org/stable/c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805
- https://git.kernel.org/stable/c/46e5b0d7cf55821527adea471ffe52a5afbd9caf
- https://git.kernel.org/stable/c/165573e41f2f66ef98940cf65f838b2cb575d9d1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.