CVE-2026-52970
The CVE-2026-52970 entry maps to a Linux kernel netfilter issue in nft_ct: the function nft_ct_expect_obj_eval() allocates an expectation, may call nf_ct_expect_related(), but does not drop the local reference. The fix is to balance allocation by calling nf_ct_expect_put(exp) before returning. Co...