SUSE CVE-2026-45860

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: increase the connection clean up limit to 64 After the optimization to only perform one GC per jiffy, a new problem was introduced. If more than 8 new connections are tracked per jiffy the list won't be...

CVE-2026-45860

CVE-2026-45860 affects the Linux kernel netfilter nf_conncount, where tracking more than eight new connections per jiffy could cause the connection list to not be cleaned up promptly, potentially exhausting the connection limit and enabling denial of service. The issue is mitigated by a fix that ...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nfconncount: The struct nfconncounttuple was fully initialized in inserttree. Since commit b36e4523d4d5 “netfilter: nfconncount: fix garbage collection confirm race”, the cpu and jiffies32 fields were introduced to...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Update lastgc only when garbage collection GC has been performed. Currently, lastgc is updated every time a new connection is tracked. This means it is updated even if no garbage collection was performed...

SUSE CVE-2026-23139

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: update lastgc only when GC has been performed Currently lastgc is being updated everytime a new connection is tracked, that means that it is updated even if a GC wasn't performed. With a sufficiently high...

CVE-2026-23139

CVE-2026-23139 affects the Linux kernel netfilter nf_conncount code. The root cause was that the last_gc timestamp was updated every time a connection was tracked, even when a garbage collection (GC) was not performed, enabling potential GC bypass under high packet rates and unbounded growth of t...

SUSE CVE-2025-71146

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. In order to solve it make sure that the check is...

Linux Distros Unpatched Vulnerability : CVE-2025-21959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfconncount: Fully initialize struct nfconncounttuple in inserttree Since commit b36e4523d4d5 netfilter: nfconncount: fix garbage collection confirm...

SUSE-SU-2025:20483-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup bsc1237913. - CVE-2024-58053: rxrpc: Fix handling of received connection abort...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup bsc1237913. CVE-2024-58053: rxrpc: Fix handling of received connection abort bsc1238982...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: blk-throttle: Set BIOTHROTTLED when bio has been throttled CVE-2022-49465 In the Linux kernel, the following vulnerability has been resolved: vlan: fix memory leak in vlannewlink CVE-2022-49636 In the Linux kernel...

SUSE CVE-2025-21959

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Fully initialize struct nfconncounttuple in inserttree Since commit b36e4523d4d5 "netfilter: nfconncount: fix garbage collection confirm race", cpu and jiffies32 were introduced to the struct...

AZL-60297 CVE-2025-21959 affecting package kernel for versions less than 5.15.180.1-1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Fully initialize struct nfconncounttuple in inserttree Since commit b36e4523d4d5 "netfilter: nfconncount: fix garbage collection confirm race", cpu and jiffies32 were introduced to the struct...

AZL-60273 CVE-2025-21959 affecting package kernel for versions less than 6.6.85.1-2

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Fully initialize struct nfconncounttuple in inserttree Since commit b36e4523d4d5 "netfilter: nfconncount: fix garbage collection confirm race", cpu and jiffies32 were introduced to the struct...

DEBIAN-CVE-2025-21959

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Fully initialize struct nfconncounttuple in inserttree Since commit b36e4523d4d5 "netfilter: nfconncount: fix garbage collection confirm race", cpu and jiffies32 were introduced to the struct...

CVE-2025-21959 netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Fully initialize struct nfconncounttuple in inserttree Since commit b36e4523d4d5 "netfilter: nfconncount: fix garbage collection confirm race", cpu and jiffies32 were introduced to the struct...