CVE-2025-21648

Source
https://cve.org/CVERecord?id=CVE-2025-21648
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21648.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21648
Published
2025-01-19T10:18:05.700Z
Modified
2026-03-11T07:47:02.426772Z
Summary
netfilter: conntrack: clamp maximum hashtable size to INT_MAX
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: clamp maximum hashtable size to INT_MAX

Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See:

0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls")

Note: hashtable resize is only possible from init_netns.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21648.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9cc1c73ad66610bffc80b691136ffc1e9a3b1a58
Fixed
a965f7f0ea3ae61b9165bed619d5d6da02c75f80
Fixed
b1b2353d768f1b80cd7fe045a70adee576b9b338
Fixed
5552b4fd44be3393b930434a7845d8d95a2a3c33
Fixed
d5807dd1328bbc86e059c5de80d1bbee9d58ca3d
Fixed
f559357d035877b9d0dcd273e0ff83e18e1d46aa
Fixed
b541ba7d1f5a5b7b3e2e22dc9e40e18a7d6dbc13

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21648.json"