Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See: 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls") Note: hashtable resize is only possible from init_netns.

INFO

Published Date :

2025-01-19T10:18:05.700Z

Last Modified :

2025-11-03T20:58:30.561Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21648 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21648.

URL Resource
https://git.kernel.org/stable/c/5552b4fd44be3393b930434a7845d8d95a2a3c33 cve-icon cve-icon
https://git.kernel.org/stable/c/a965f7f0ea3ae61b9165bed619d5d6da02c75f80 cve-icon cve-icon
https://git.kernel.org/stable/c/b1b2353d768f1b80cd7fe045a70adee576b9b338 cve-icon cve-icon
https://git.kernel.org/stable/c/b541ba7d1f5a5b7b3e2e22dc9e40e18a7d6dbc13 cve-icon cve-icon
https://git.kernel.org/stable/c/d5807dd1328bbc86e059c5de80d1bbee9d58ca3d cve-icon cve-icon
https://git.kernel.org/stable/c/f559357d035877b9d0dcd273e0ff83e18e1d46aa cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025011946-CVE-2025-21648-bcda@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21648 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21648 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact