CVE-2025-71146

EUVD-2026-4412
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conncount: fix leaked ct in error paths

There are some situations where ct might be leaked as error paths are
skipping the refcounted check and return immediately. In order to solve
it make sure that the check is always called.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
not-affected
bookworm (security)
6.1.162-1
fixed
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.249-1
fixed
forky
6.18.9-1
fixed
sid
6.18.12-1
fixed
trixie
vulnerable
trixie (security)
6.12.73-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/08fa37f4c8c59c294e9c18fea2d083ee94074e5a
https://git.kernel.org/stable/c/0b88be7211d21a0d68bb1e56dc805944e3654d6f
https://git.kernel.org/stable/c/2e2a720766886190a6d35c116794693aabd332b6
https://git.kernel.org/stable/c/325eb61bb30790ea27782203a17b007ce1754a67
https://git.kernel.org/stable/c/4bd2b89f4028f250dd1c1625eb3da1979b04a5e8
https://git.kernel.org/stable/c/e1ac8dce3a893641bef224ad057932f142b8a36f
https://git.kernel.org/stable/c/f381a33f34dda9e4023e38ba68c943bca83245e9