{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23247", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.989Z", "datePublished": "2026-03-18T10:05:09.353Z", "dateUpdated": "2026-05-23T16:04:20.827Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-23T16:04:20.827Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: secure_seq: add back ports to TS offset\n\nThis reverts 28ee1b746f49 (\"secure_seq: downgrade to per-host timestamp offsets\")\n\ntcp_tw_recycle went away in 2017.\n\nZhouyan Deng reported off-path TCP source port leakage via\nSYN cookie side-channel that can be fixed in multiple ways.\n\nOne of them is to bring back TCP ports in TS offset randomization.\n\nAs a bonus, we perform a single siphash() computation\nto provide both an ISN and a TS offset."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/net/secure_seq.h", "include/net/tcp.h", "net/core/secure_seq.c", "net/ipv4/syncookies.c", "net/ipv4/tcp_input.c", "net/ipv4/tcp_ipv4.c", "net/ipv6/syncookies.c", "net/ipv6/tcp_ipv6.c"], "versions": [{"version": "28ee1b746f493b7c62347d714f58fbf4f70df4f0", "lessThan": "eae2f14ab2efccdb7480fae7d42c4b0116ef8805", "status": "affected", "versionType": "git"}, {"version": "28ee1b746f493b7c62347d714f58fbf4f70df4f0", "lessThan": "46e5b0d7cf55821527adea471ffe52a5afbd9caf", "status": "affected", "versionType": "git"}, {"version": "28ee1b746f493b7c62347d714f58fbf4f70df4f0", "lessThan": "165573e41f2f66ef98940cf65f838b2cb575d9d1", "status": "affected", "versionType": "git"}, {"version": "443fac9f2618b93cbc5ab068dc594530236b3a23", "status": "affected", "versionType": "git"}, {"version": "4.10.14", "lessThan": "4.11", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/net/secure_seq.h", "include/net/tcp.h", "net/core/secure_seq.c", "net/ipv4/syncookies.c", "net/ipv4/tcp_input.c", "net/ipv4/tcp_ipv4.c", "net/ipv6/syncookies.c", "net/ipv6/tcp_ipv6.c"], "versions": [{"version": "4.11", "status": "affected"}, {"version": "0", "lessThan": "4.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "7.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805"}, {"url": "https://git.kernel.org/stable/c/46e5b0d7cf55821527adea471ffe52a5afbd9caf"}, {"url": "https://git.kernel.org/stable/c/165573e41f2f66ef98940cf65f838b2cb575d9d1"}], "title": "tcp: secure_seq: add back ports to TS offset", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "93C0B2B1-66EF-41A6-8FCE-4ED37AB02E2A", "versionEndExcluding": "6.18.17", "versionStartExcluding": "4.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.10.14:*:*:*:*:*:*:*", "matchCriteriaId": "C30F9041-D8C3-4F81-B9F1-08BA07D0AE00", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.11:-:*:*:*:*:*:*", "matchCriteriaId": "623D643F-123E-4D3E-8CBF-16BF845D734B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.11:rc6:*:*:*:*:*:*", "matchCriteriaId": "D67BFFD0-1A52-4F5D-98DB-D94B58FD8D30", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.11:rc7:*:*:*:*:*:*", "matchCriteriaId": "7D996F38-22AC-4059-84FC-F7D69CE0CB9B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.11:rc8:*:*:*:*:*:*", "matchCriteriaId": "97EFF4F7-E5F9-4FAA-AD58-94A24501AD59", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: secure_seq: add back ports to TS offset\n\nThis reverts 28ee1b746f49 (\"secure_seq: downgrade to per-host timestamp offsets\")\n\ntcp_tw_recycle went away in 2017.\n\nZhouyan Deng reported off-path TCP source port leakage via\nSYN cookie side-channel that can be fixed in multiple ways.\n\nOne of them is to bring back TCP ports in TS offset randomization.\n\nAs a bonus, we perform a single siphash() computation\nto provide both an ISN and a TS offset."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ntcp: secure_seq: a\u00f1adir de nuevo puertos al desplazamiento TS\n\nEsto revierte 28ee1b746f49 ('secure_seq: degradar a desplazamientos de marca de tiempo por host')\n\ntcp_tw_recycle desapareci\u00f3 en 2017.\n\nZhouyan Deng inform\u00f3 de una fuga de puerto de origen TCP fuera de ruta a trav\u00e9s de un canal lateral de SYN cookie que se puede solucionar de m\u00faltiples maneras.\n\nUna de ellas es traer de vuelta los puertos TCP en la aleatorizaci\u00f3n del desplazamiento TS.\n\nComo ventaja adicional, realizamos un \u00fanico c\u00e1lculo de siphash() para proporcionar tanto un ISN como un desplazamiento TS."}], "id": "CVE-2026-23247", "lastModified": "2026-05-21T17:35:59.183", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-18T11:16:16.723", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/165573e41f2f66ef98940cf65f838b2cb575d9d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/46e5b0d7cf55821527adea471ffe52a5afbd9caf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: tcp: secure_seq: add back ports to TS offset", "id": "2448598", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448598"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-23247", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23247\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23247\nhttps://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23247-07b3@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[28ee1b746f493b7c62347d714f58fbf4f70df4f0,eae2f14ab2efccdb7480fae7d42c4b0116ef8805)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[28ee1b746f493b7c62347d714f58fbf4f70df4f0,46e5b0d7cf55821527adea471ffe52a5afbd9caf)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[28ee1b746f493b7c62347d714f58fbf4f70df4f0,165573e41f2f66ef98940cf65f838b2cb575d9d1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "443fac9f2618b93cbc5ab068dc594530236b3a23"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.11"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,4.11)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-03-18T12:12:45.101164+00:00", "updated": "2026-05-21T21:00:16.460921+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}