7.5

CVE-2026-23139

netfilter: nf_conncount: update last_gc only when GC has been performed

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conncount: update last_gc only when GC has been performed

Currently last_gc is being updated everytime a new connection is
tracked, that means that it is updated even if a GC wasn't performed.
With a sufficiently high packet rate, it is possible to always bypass
the GC, causing the list to grow infinitely.

Update the last_gc value only when a GC has been actually performed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.19 < 6.1.161
LinuxLinux Kernel Version >= 6.2 < 6.6.121
LinuxLinux Kernel Version >= 6.7 < 6.12.66
LinuxLinux Kernel Version >= 6.13 < 6.18.6
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.243
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/2c7c71113ed6d3e2f3aca4c088f22283016ff34f
Patch
https://git.kernel.org/stable/c/c4cde57c8affdcca5bcff53a1047e15d268bdca1
Patch
https://git.kernel.org/stable/c/9f45588993d7f115280fc726119ca86fba32a811
Patch
https://git.kernel.org/stable/c/3cd717359e56f82f06cbf8279b47a7d79880c6f3
Patch
https://git.kernel.org/stable/c/26a82dce2beee39c43c109d9647e16f49cb02a35
Patch
https://git.kernel.org/stable/c/8bdafdf4900040a81422056cabe5e00a37bd101a
Patch
https://git.kernel.org/stable/c/7811ba452402d58628e68faedf38745b3d485e3c
Patch