CVE-2025-71146 PUBLISHED

netfilter: nf_conncount: fix leaked ct in error paths

Assigner: Linux
Reserved: 13.01.2026 Published: 23.01.2026 Updated: 23.01.2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conncount: fix leaked ct in error paths

There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. In order to solve it make sure that the check is always called.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 6e86f0eca857ee42787e30e9ec0b726aebfcae0a to 08fa37f4c8c59c294e9c18fea2d083ee94074e5a (excl.) affected from b160895d6bc9690459b16ef87799c9bd456af3ec to e1ac8dce3a893641bef224ad057932f142b8a36f (excl.) affected from 8d5a2c94c24dcc226863a7c2b5034750370c2189 to f381a33f34dda9e4023e38ba68c943bca83245e9 (excl.) affected from da9f247fb5efcd5a2730cdc989291b383c439e10 to 325eb61bb30790ea27782203a17b007ce1754a67 (excl.) affected from 3558faee8aace3541189c3a2ca45c7e85e144b44 to 0b88be7211d21a0d68bb1e56dc805944e3654d6f (excl.) affected from f6904ed15ed1a188543057e3cb0d02daa80edfc9 to 4bd2b89f4028f250dd1c1625eb3da1979b04a5e8 (excl.) affected from be102eb6a0e7c03db00e50540622f4e43b2d2844 to 2e2a720766886190a6d35c116794693aabd332b6 (excl.) Version 8c2da7330214ce30f8333d1799a27ed0a9418f07 is affected

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.19-rc1 is affected unaffected from 0 to 6.19-rc1 (excl.) unaffected from 6.12.64 to 6.12.* (incl.) unaffected from 6.18.3 to 6.18.* (incl.) unaffected from 6.19-rc2 to * (incl.)

CVE-2025-71146 PUBLISHED

netfilter: nf_conncount: fix leaked ct in error paths

Product Status

References