In theory, this would be a rich landscape for an entirely different abstraction layer for fingerprinting… However, I am skeptical that the typical fingerprinting tool chains are receiving data that reaches that far down in the stack…
Also TCP timestamp if the network stack doesn't apply a randomized offset. As of 4.10 Linux added randomization; no idea about others.
Getting a bit farther out there, CPU clock skew can be derived from the (randomly offset) TCP timestamps. That varies with temperature and thus load so it can be used to pick out otherwise indistinguishable traffic streams originating on the same physical host.
Back in the realm of commonly employed techniques, higher levels of the networking stack are fingerprinted in the wild. https://blog.cloudflare.com/ja4-signals/
Moving even farther up, the human interaction streams themselves are commonly fingerprinted. I realize that's a bit of a tangent but OP had suggested that fingerprints had short half lives and this is a very strong counterexample that I failed to mention earlier. https://www.whonix.org/wiki/Keystroke_and_Mouse_Deanonymizat...
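The clock-skew point above, as an added example that is not part of the original comment: a random per-connection offset shifts every TSval by a constant, so it cancels out of elapsed-tick differences and the drift rate stays measurable, which is why offset randomization alone does not remove this signal. The samples are constructed, the function names are hypothetical, a 1000 Hz timestamp tick is assumed, and a plain least-squares fit stands in for whatever estimator a real tool would use.

```python
import random

WRAP = 2 ** 32  # TSval is a 32-bit counter


def make_samples(skew_ppm, offset, hz=1000, n=200, span_s=600.0, seed=1):
    """Constructed (receiver_time_s, TSval) pairs for a sender clock that
    runs skew_ppm fast, with `offset` playing the random TSval offset."""
    rng = random.Random(seed)
    samples = []
    for i in range(n):
        t_send = span_s * i / (n - 1)
        ticks = int(t_send * (1 + skew_ppm * 1e-6) * hz)
        tsval = (offset + ticks) % WRAP
        t_recv = t_send + 0.020 + rng.uniform(0, 0.002)  # path delay + jitter
        samples.append((t_recv, tsval))
    return samples


def estimate_skew_ppm(samples, hz=1000):
    """Least-squares slope of (sender elapsed - receiver elapsed) against
    receiver elapsed, in parts per million. Only TSval differences are
    used, so the unknown offset never enters the calculation."""
    t0, ts0 = samples[0]
    xs, ys = [], []
    for t, ts in samples:
        x = t - t0
        sender_elapsed = ((ts - ts0) % WRAP) / hz  # modulo handles counter wrap
        xs.append(x)
        ys.append(sender_elapsed - x)
    mx = sum(xs) / len(xs)
    my = sum(ys) / len(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6


if __name__ == "__main__":
    # Two constructed hosts with different offsets; the second one wraps.
    for name, skew, off in (("host A", 35.0, 0x1234ABCD), ("host B", -12.0, WRAP - 1000)):
        est = estimate_skew_ppm(make_samples(skew, off))
        print(f"{name}: true {skew:+.1f} ppm, estimated {est:+.2f} ppm")
```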