THREATOPS
THREAT OPSThreat News › [NVD] CVE-2025-21648 (MEDIUM 5.5) — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing has

[NVD] CVE-2025-21648 (MEDIUM 5.5) — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing has

lownvdPublished 2025-01-19

CVE-2025-21648 CVSS: 5.5 MEDIUM Published: 2025-01-19T11:15:10.410

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: clamp maximum hashtable size to INT_MAX

Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See:

0708a0

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-21648