{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-71146","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:30:19.661Z","datePublished":"2026-01-23T14:15:12.998Z","dateUpdated":"2026-05-11T21:55:52.249Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:55:52.249Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conncount: fix leaked ct in error paths\n\nThere are some situations where ct might be leaked as error paths are\nskipping the refcounted check and return immediately. In order to solve\nit make sure that the check is always called."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nf_conncount.c"],"versions":[{"version":"6e86f0eca857ee42787e30e9ec0b726aebfcae0a","lessThan":"08fa37f4c8c59c294e9c18fea2d083ee94074e5a","status":"affected","versionType":"git"},{"version":"b160895d6bc9690459b16ef87799c9bd456af3ec","lessThan":"e1ac8dce3a893641bef224ad057932f142b8a36f","status":"affected","versionType":"git"},{"version":"8d5a2c94c24dcc226863a7c2b5034750370c2189","lessThan":"f381a33f34dda9e4023e38ba68c943bca83245e9","status":"affected","versionType":"git"},{"version":"da9f247fb5efcd5a2730cdc989291b383c439e10","lessThan":"325eb61bb30790ea27782203a17b007ce1754a67","status":"affected","versionType":"git"},{"version":"3558faee8aace3541189c3a2ca45c7e85e144b44","lessThan":"0b88be7211d21a0d68bb1e56dc805944e3654d6f","status":"affected","versionType":"git"},{"version":"f6904ed15ed1a188543057e3cb0d02daa80edfc9","lessThan":"4bd2b89f4028f250dd1c1625eb3da1979b04a5e8","status":"affected","versionType":"git"},{"version":"be102eb6a0e7c03db00e50540622f4e43b2d2844","lessThan":"2e2a720766886190a6d35c116794693aabd332b6","status":"affected","versionType":"git"},{"version":"8c2da7330214ce30f8333d1799a27ed0a9418f07","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nf_conncount.c"],"versions":[{"version":"6.12.63","lessThan":"6.12.64","status":"affected","versionType":"semver"},{"version":"6.18.2","lessThan":"6.18.3","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.63","versionEndExcluding":"6.12.64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.2","versionEndExcluding":"6.18.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/08fa37f4c8c59c294e9c18fea2d083ee94074e5a"},{"url":"https://git.kernel.org/stable/c/e1ac8dce3a893641bef224ad057932f142b8a36f"},{"url":"https://git.kernel.org/stable/c/f381a33f34dda9e4023e38ba68c943bca83245e9"},{"url":"https://git.kernel.org/stable/c/325eb61bb30790ea27782203a17b007ce1754a67"},{"url":"https://git.kernel.org/stable/c/0b88be7211d21a0d68bb1e56dc805944e3654d6f"},{"url":"https://git.kernel.org/stable/c/4bd2b89f4028f250dd1c1625eb3da1979b04a5e8"},{"url":"https://git.kernel.org/stable/c/2e2a720766886190a6d35c116794693aabd332b6"}],"title":"netfilter: nf_conncount: fix leaked ct in error paths","x_generator":{"engine":"bippy-1.2.0"}}}}