CVE-2026-23139

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s netfilter component, specifically within the nf conncount module. The last gc variable is currently updated with each new connection tracked, even if garbage collection (GC) hasn’t been performed. A high packet rate can consistently bypass GC, leading to infinite list growth. The issue involves updating the last gc value only when GC has actually been performed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

BDU:2026-07525

CVE-2026-23139

OESA-2026-1760

OPENSUSE-SU-2026:20416-1

RHSA-2026:15883

SUSE-SU-2026:0962-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

USN-8278-1

USN-8278-2

USN-8289-1

USN-8289-2

USN-8296-1

USN-8296-2

USN-8393-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2026-23139

Weakness Enumeration

Related Identifiers

Affected Products

References · 1932