CVE-2026-23139

Advisory lineage Upstream: 0 Downstream: 20
Modified
Published: 14 Feb 2026, 15:22
Last modified:11 May 2026, 22:00

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
0.04% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

14 Feb 2026, 15:22
Published
Vulnerability first disclosed
11 May 2026, 22:00
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: update last_gc only when GC has been performed Currently last_gc is being updated everytime a new connection is tracked, that means that it is updated even if a GC wasn't performed. With a sufficiently high packet rate, it is possible to always bypass the GC, causing the list to grow infinitely. Update the last_gc value only when a GC has been actually performed.

CVSS Metrics

  • v3.1MEDIUMScore: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.04% Percentile: 11%

Affected Systems

  • linuxlinux

    ≥ f106694733c66a48740c25bc4e212e9b2ea364ce, < 2c7c71113ed6d3e2f3aca4c088f22283016ff34f | ≥ be69850b461e7b491d87a22e33ab76fdd04b725e, < c4cde57c8affdcca5bcff53a1047e15d268bdca1 | ≥ d265929930e2ffafc744c0ae05fb70acd53be1ee, < 9f45588993d7f115280fc726119ca86fba32a811 | ≥ d265929930e2ffafc744c0ae05fb70acd53be1ee, < 3cd717359e56f82f06cbf8279b47a7d79880c6f3 | ≥ d265929930e2ffafc744c0ae05fb70acd53be1ee, < 26a82dce2beee39c43c109d9647e16f49cb02a35 | ≥ d265929930e2ffafc744c0ae05fb70acd53be1ee, < 8bdafdf4900040a81422056cabe5e00a37bd101a | ≥ d265929930e2ffafc744c0ae05fb70acd53be1ee, < 7811ba452402d58628e68faedf38745b3d485e3c | 5.19

  • linuxlinux_kernel

    ≥ 5.19, < 6.1.161 | ≥ 6.2, < 6.6.121 | ≥ 6.7, < 6.12.66 | ≥ 6.13, < 6.18.6 | 6.19:rc1 | 6.19:rc2 | 6.19:rc3 | 6.19:rc4

References (7)