CVE-2026-23139

CWE-400Uncontrolled Resource Consumption8 documents7 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 91.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux LinuxLinux Linux Kernel
Timeline
PublishedFeb 14

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: update last_gc only when GC has been performed Currently last_gc is being updated everytime a new connection is tracked, that means that it is updated even if a GC wasn't performed. With a sufficiently high packet rate, it is possible to always bypass the GC, causing the list to grow infinitely. Update the last_gc value only when a GC has been actually performed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel5.196.1.161+4
CVEListV5linux/linuxf106694733c66a48740c25bc4e212e9b2ea364ce2c7c71113ed6d3e2f3aca4c088f22283016ff34f+7
Debianlinux< 6.1.162-1+2

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
CVEList
netfilter: nf_conncount: update last_gc only when GC has been performed2026-02-14
OSV
CVE-2026-23139: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: update last_gc only when GC has been performed Currently2026-02-14
GHSA
GHSA-cf2j-m586-269w: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: update last_gc only when GC has been performed Currentl2026-02-14

📋Vendor Advisories

2
Red Hat
kernel: netfilter: nf_conncount: update last_gc only when GC has been performed2026-02-14
Debian
CVE-2026-23139: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ...2026

🕵️Threat Intelligence

2
Wiz
CVE-2026-23139 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
ELSA-2025-23139 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23139 (MEDIUM CVSS 5.5) | In the Linux kernel | cvebase.io