Security Advisory

CVE-2025-21648

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-19 10:18:05

Last updated 2026-05-12 12:03:04

Assigner Linux

State PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See: 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls") Note: hashtable resize is only possible from init_netns.

← Browse all CVEs View on cve.org ↗