Instituto Nacional de Ciberseguridad (Spanish National Cybersecurity Institute). INCIBE-CERT section

CVE-2026-45860

CVSS v3.1 severity:
HIGH
Type:
Not available / Other type
Publication date:
27/05/2026
Last modified:
30/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conncount: increase the connection clean up limit to 64

After the optimization to only perform one GC per jiffy, a new problem
was introduced. If more than 8 new connections are tracked per jiffy the
list won't be cleaned up fast enough possibly reaching the limit
wrongly.

In order to prevent this issue, only skip the GC if it was already
triggered during the same jiffy and the increment is lower than the
clean up limit. In addition, increase the clean up limit to 64
connections to avoid triggering GC too often and do more effective GCs.

This has been tested using a HTTP server and several
performance tools while having nft_connlimit/xt_connlimit or OVS limit
configured.

Output of slowhttptest + OVS limit at 52000 connections:

slow HTTP test status on 340th second:
initializing: 0
pending: 432
connected: 51998
error: 0
closed: 0
service available: YES
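
The user-space C model below is an added example, not the kernel's code or the patch: it reproduces the accounting problem the description reports (stale entries piling up until the limit is reached wrongly) and shows that both parts of the fix are needed. All names (`struct policy`, `simulate`, `burst_aware`) and the traffic figures are assumptions made for the model, which treats connections as a FIFO with a fixed lifetime.

```c
#include <stdio.h>

#define CAP 4096 /* ring size; larger than any limit used in this model */

/* Hypothetical names: max_collect = entries one GC pass may free,
 * burst_aware = 1 applies the fixed rule for skipping a GC pass. */
struct policy { unsigned max_collect; int burst_aware; };

/* Constructed model: `rate` new connections per jiffy, each alive for `life`
 * jiffies, counted against `limit`. Returns how many were refused. Since
 * rate * life < limit in every run below, each refusal is a false one. */
static unsigned simulate(struct policy p, unsigned rate, unsigned life,
                         unsigned limit, unsigned total_jiffies)
{
    static unsigned expiry[CAP]; /* FIFO of expiry times, oldest at head */
    unsigned head = 0, count = 0, since_gc = 0, refused = 0;
    unsigned last_gc = (unsigned)-1;

    for (unsigned now = 0; now < total_jiffies; now++) {
        for (unsigned i = 0; i < rate; i++) {
            int skip = (last_gc == now); /* GC already ran this jiffy */
            if (p.burst_aware)           /* ...and the burst is still small */
                skip = skip && since_gc < p.max_collect;
            if (!skip) {
                unsigned freed = 0;      /* free expired entries, bounded */
                while (count && freed < p.max_collect && expiry[head] <= now) {
                    head = (head + 1) % CAP; count--; freed++;
                }
                last_gc = now; since_gc = 0;
            }
            if (count >= limit) { refused++; continue; }
            expiry[(head + count) % CAP] = now + life;
            count++; since_gc++;
        }
    }
    return refused;
}

int main(void)
{
    struct policy before = {8, 0}, limit_only = {64, 0}, fixed = {64, 1};
    printf("8 per jiffy:        %u refused\n", simulate(before, 100, 2, 400, 200));
    printf("64 per jiffy:       %u refused\n", simulate(limit_only, 100, 2, 400, 200));
    printf("64 and burst-aware: %u refused\n", simulate(fixed, 100, 2, 400, 200));
    return 0;
}
```

In this model at most 200 connections are alive at once against a limit of 400, so any refusal comes from stale entries that the collector did not get to in time.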