THREAT OPS › Threat News › [NVD] CVE-2025-21648 (MEDIUM 5.5) — In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: clamp maximum hashtable size to INT_MAX
Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it
is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when
resizing has
[NVD] CVE-2025-21648 (MEDIUM 5.5) — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing has
CVE-2025-21648 CVSS: 5.5 MEDIUM Published: 2025-01-19T11:15:10.410
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: clamp maximum hashtable size to INT_MAX
Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See:
0708a0
Indicators of compromise
- CVE-2025-21648cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-21648