CVE-2026-23139 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: update last_gc only when GC has been performed Currently last_gc is being updated everytime a new connection is tracked, that means that it is updated even if a GC wasn't performed. With a sufficiently high packet rate, it is possible to always bypass the GC, causing the list to grow infinitely. Update the last_gc value only when a GC has been actually performed.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/26a82dce2beee39c43c109d9647e16f49cb02a35
https://git.kernel.org/stable/c/2c7c71113ed6d3e2f3aca4c088f22283016ff34f
https://git.kernel.org/stable/c/3cd717359e56f82f06cbf8279b47a7d79880c6f3
https://git.kernel.org/stable/c/7811ba452402d58628e68faedf38745b3d485e3c
https://git.kernel.org/stable/c/8bdafdf4900040a81422056cabe5e00a37bd101a
https://git.kernel.org/stable/c/9f45588993d7f115280fc726119ca86fba32a811
https://git.kernel.org/stable/c/c4cde57c8affdcca5bcff53a1047e15d268bdca1
https://lore.kernel.org/linux-cve-announce/2026021429-CVE-2026-23139-a7b4@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23139
https://www.cve.org/CVERecord?id=CVE-2026-23139

History

Tue, 17 Feb 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026021429-CVE-2026-23139-a7b4@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23139 https://www.cve.org/CVERecord?id=CVE-2026-23139
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Sat, 14 Feb 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: update last_gc only when GC has been performed Currently last_gc is being updated everytime a new connection is tracked, that means that it is updated even if a GC wasn't performed. With a sufficiently high packet rate, it is possible to always bypass the GC, causing the list to grow infinitely. Update the last_gc value only when a GC has been actually performed.
Title		netfilter: nf_conncount: update last_gc only when GC has been performed
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/26a82dce2beee39c43c109d9647e16f49cb02a35 https://git.kernel.org/stable/c/2c7c71113ed6d3e2f3aca4c088f22283016ff34f https://git.kernel.org/stable/c/3cd717359e56f82f06cbf8279b47a7d79880c6f3 https://git.kernel.org/stable/c/7811ba452402d58628e68faedf38745b3d485e3c https://git.kernel.org/stable/c/8bdafdf4900040a81422056cabe5e00a37bd101a https://git.kernel.org/stable/c/9f45588993d7f115280fc726119ca86fba32a811 https://git.kernel.org/stable/c/c4cde57c8affdcca5bcff53a1047e15d268bdca1

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-14T15:22:24.059Z

Updated: 2026-02-14T15:22:24.059Z

Reserved: 2026-01-13T15:37:45.972Z

Link: CVE-2026-23139

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-02-14T16:15:53.950

Modified: 2026-02-18T17:52:44.520

Link: CVE-2026-23139

Redhat

Severity : Important

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23139 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object