Linux Kernel: High Packet Rate Can Cause Connection List to Grow Infinitely

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Linux Kernel: High Packet Rate Can Cause Connection List to Grow Infinitely

CVE-2026-23139

Summary

A flaw in the Linux kernel's connection tracking system could cause a denial-of-service condition if a high volume of packets is sent in a short time. This is fixed in a recent kernel update. It's recommended to update your Linux system to the latest kernel version to prevent potential issues.

Original title

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: update last_gc only when GC has been performed Currently last_gc is being updated everytime a new conn...

Original description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conncount: update last_gc only when GC has been performed

Currently last_gc is being updated everytime a new connection is
tracked, that means that it is updated even if a GC wasn't performed.
With a sufficiently high packet rate, it is possible to always bypass
the GC, causing the list to grow infinitely.

Update the last_gc value only when a GC has been actually performed.

Published: 14 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026