CVE-2025-21648

Published Jan 19, 2025

Last updated 20 days ago

Overview

Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See: 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls") Note: hashtable resize is only possible from init_netns.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Awaiting Analysis

Social media

Hype score
Not currently trending

  1. CVE-2025-21648 In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for th… https://t.co/rZEkTDr3Xv

    @CVEnew

    19 Jan 2025

    177 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References