CVE-2025-21648

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21648
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21648.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21648
Downstream
Related
Published
2025-01-19T11:15:10Z
Modified
2025-08-09T20:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: clamp maximum hashtable size to INT_MAX

Use INTMAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARNONONCE in _kvmallocnodenoprof() when resizing hashtable because _GFPNOWARN is unset. See:

0708a0afe291 ("mm: Consider _GFPNOWARN flag for oversized kvmalloc() calls")

Note: hashtable resize is only possible from init_netns.

References

Affected packages