CVE-2026-23016 — Improper Update of Reference Count in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 31
Description
In the Linux kernel, the following vulnerability has been resolved:
inet: frags: drop fraglist conntrack references
Jakub added a warning in nf_conntrack_cleanup_net_list() to make debugging
leaked skbs/conntrack references more obvious.
syzbot reports this as triggering, and I can also reproduce this via
ip_defrag.sh selftest:
conntrack cleanup blocked for 60s
WARNING: net/netfilter/nf_conntrack_core.c:2512
[..]
conntrack clenups gets stuck because there are skbs with still hold nf_conn
re…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5linux/linux6471658dc66c670580a7616e75f51b52917e7883 — 088ca99dbb039c444c3ff987c5412a73f4f0cbf8+2
Patches
🔴Vulnerability Details
3OSV▶
CVE-2026-23016: In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nf_conntr↗2026-01-31
GHSA▶
GHSA-8h8q-4wvg-mhgm: In the Linux kernel, the following vulnerability has been resolved:
inet: frags: drop fraglist conntrack references
Jakub added a warning in nf_conn↗2026-01-31