CVE-2025-71146
netfilter: nf_conncount: fix leaked ct in error paths
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. In order to solve it make sure that the check is always called.
INFO
Published Date :
Jan. 23, 2026, 3:16 p.m.
Last Modified :
Jan. 23, 2026, 3:16 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products
The following products are affected by CVE-2025-71146
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Apply the netfilter patch to the Linux kernel.
- Recompile and install the updated kernel.
- Verify the integrity of the refcounted checks.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-71146.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-71146 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-71146
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-71146 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2025-71146 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jan. 23, 2026
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. In order to solve it make sure that the check is always called. Added Reference https://git.kernel.org/stable/c/08fa37f4c8c59c294e9c18fea2d083ee94074e5a Added Reference https://git.kernel.org/stable/c/0b88be7211d21a0d68bb1e56dc805944e3654d6f Added Reference https://git.kernel.org/stable/c/2e2a720766886190a6d35c116794693aabd332b6 Added Reference https://git.kernel.org/stable/c/325eb61bb30790ea27782203a17b007ce1754a67 Added Reference https://git.kernel.org/stable/c/4bd2b89f4028f250dd1c1625eb3da1979b04a5e8 Added Reference https://git.kernel.org/stable/c/e1ac8dce3a893641bef224ad057932f142b8a36f Added Reference https://git.kernel.org/stable/c/f381a33f34dda9e4023e38ba68c943bca83245e9