5.5

CVE-2026-23247

tcp: secure_seq: add back ports to TS offset

In the Linux kernel, the following vulnerability has been resolved:

tcp: secure_seq: add back ports to TS offset

This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets")

tcp_tw_recycle went away in 2017.

Zhouyan Deng reported off-path TCP source port leakage via
SYN cookie side-channel that can be fixed in multiple ways.

One of them is to bring back TCP ports in TS offset randomization.

As a bonus, we perform a single siphash() computation
to provide both an ISN and a TS offset.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version > 4.11 < 6.18.17
LinuxLinux Kernel Version >= 6.19 < 6.19.7
LinuxLinux Kernel Version4.10.14
LinuxLinux Kernel Version4.11 Update-
LinuxLinux Kernel Version4.11 Updaterc6
LinuxLinux Kernel Version4.11 Updaterc7
LinuxLinux Kernel Version4.11 Updaterc8
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.02
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805
Patch
https://git.kernel.org/stable/c/46e5b0d7cf55821527adea471ffe52a5afbd9caf
Patch
https://git.kernel.org/stable/c/165573e41f2f66ef98940cf65f838b2cb575d9d1
Patch