CVE-2026-23016

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to fragmented packets and conntrack references. Specifically, the issue arises when handling fragmented packets where conntrack cleanup gets stuck due to skbs holding nf conn references via their fraglist. This can occur during UDP and potentially TCP processing, especially when Path MTU discovery is disabled. The problem stems from reassembled skbs ending up in the pcpu freelist while still maintaining nf conn references, preventing conntrack module removal. The root cause is identified as the introduction of skb attempt defer free() in commit 6471658dc66c. The recommended solution involves dropping nf conn entries when they are placed in the defrag queue, retaining the entry only for the first skb to maintain nf conn for the TX path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.