VDB
CVE-2026-52970
CVE-2026-52970
PUBLISHED
Reported by Linux · Published June 24, 2026
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: fix missing expect put in obj eval nft_ct_expect_obj_eval() allocates an expectation and may call nf_ct_expect_related(), but never drops its local reference. Add nf_ct_expect_put(exp) before return to balance allocation.
EPSS 0.18% · 8.2th percentile
Risk Scores
EPSS Score
0.18%
8.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 857b46027d6f91150797295752581b7155b9d0e1, 857b46027d6f91150797295752581b7155b9d0e1, 857b46027d6f91150797295752581b7155b9d0e1 |
| Linux | Linux | 5.3, 0, 5.10.258 |
| linux | linux_kernel | 5.3, 5.3, 5.3 |
| Linux | Linux | 857b46027d6f91150797295752581b7155b9d0e1, 857b46027d6f91150797295752581b7155b9d0e1, 857b46027d6f91150797295752581b7155b9d0e1 |
Timeline
- Jun 24, 2026 CVE Published
- Jun 25, 2026 Coalition ESS Score
- Jun 27, 2026 EPSS Score