{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-52970","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.375Z","datePublished":"2026-06-24T16:28:48.882Z","dateUpdated":"2026-06-24T16:28:48.882Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-24T16:28:48.882Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: fix missing expect put in obj eval\n\nnft_ct_expect_obj_eval() allocates an expectation and may call\nnf_ct_expect_related(), but never drops its local reference.\n\nAdd nf_ct_expect_put(exp) before return to balance allocation."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nft_ct.c"],"versions":[{"version":"857b46027d6f91150797295752581b7155b9d0e1","lessThan":"cdb9a25dd3416d427e8b2753210f8baf44207577","status":"affected","versionType":"git"},{"version":"857b46027d6f91150797295752581b7155b9d0e1","lessThan":"26ab32ec73941871c97562ee1f39587950dc3b68","status":"affected","versionType":"git"},{"version":"857b46027d6f91150797295752581b7155b9d0e1","lessThan":"7b96242ceedfe249f158419f3254bcee04173ffe","status":"affected","versionType":"git"},{"version":"857b46027d6f91150797295752581b7155b9d0e1","lessThan":"ecca618e1e339494911090474ed87742c0f73976","status":"affected","versionType":"git"},{"version":"857b46027d6f91150797295752581b7155b9d0e1","lessThan":"2aef1b13d5c0285f340512c6c07eb858fd018fd8","status":"affected","versionType":"git"},{"version":"857b46027d6f91150797295752581b7155b9d0e1","lessThan":"1dced0725e2fae3ac3416274db20a7ff5a46931d","status":"affected","versionType":"git"},{"version":"857b46027d6f91150797295752581b7155b9d0e1","lessThan":"84c422cea5a45fe56be839f25880f21fd33940cd","status":"affected","versionType":"git"},{"version":"857b46027d6f91150797295752581b7155b9d0e1","lessThan":"19f94b6fee75b3ef7fbc06f3745b9a771a8a19a4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nft_ct.c"],"versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","status":"unaffected","versionType":"semver"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.10.258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.15.209"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.1.175"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.6.141"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.12.91"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.18.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"7.0.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/cdb9a25dd3416d427e8b2753210f8baf44207577"},{"url":"https://git.kernel.org/stable/c/26ab32ec73941871c97562ee1f39587950dc3b68"},{"url":"https://git.kernel.org/stable/c/7b96242ceedfe249f158419f3254bcee04173ffe"},{"url":"https://git.kernel.org/stable/c/ecca618e1e339494911090474ed87742c0f73976"},{"url":"https://git.kernel.org/stable/c/2aef1b13d5c0285f340512c6c07eb858fd018fd8"},{"url":"https://git.kernel.org/stable/c/1dced0725e2fae3ac3416274db20a7ff5a46931d"},{"url":"https://git.kernel.org/stable/c/84c422cea5a45fe56be839f25880f21fd33940cd"},{"url":"https://git.kernel.org/stable/c/19f94b6fee75b3ef7fbc06f3745b9a771a8a19a4"}],"title":"netfilter: nft_ct: fix missing expect put in obj eval","x_generator":{"engine":"bippy-1.2.0"}}}}