CVE-2026-52970
Received Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: fix missing expect put in obj eval nft_ct_expect_obj_eval() allocates an expectation and may call nf_ct_expect_related(), but never drops its local reference. Add nf_ct_expect_put(exp) before return to balance allocation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-25
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-52970
EUVD
EUVD-2026-38838
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux_kernel linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's netfilter component, specifically in the nft_ct module. The function nft_ct_expect_obj_eval() allocates an expectation object and may call nf_ct_expect_related(), but it fails to properly release the local reference to the allocated expectation. This missing release (missing expect put) can lead to resource management issues.

Impact Analysis

Because the function does not properly release allocated expectation objects, it can cause resource leaks within the kernel. This may lead to increased memory usage or exhaustion of kernel resources, potentially degrading system performance or stability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-52970. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart