QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-21648

Back to search

CVE-2025-21648

Published: Jan 19, 2025

Modified: May 12, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See: 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls") Note: hashtable resize is only possible from init_netns.

VendorProductVersions

Linux

Linux

affected
9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 - < a965f7f0ea3ae61b9165bed619d5d6da02c75f80
affected
9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 - < b1b2353d768f1b80cd7fe045a70adee576b9b338
affected
9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 - < 5552b4fd44be3393b930434a7845d8d95a2a3c33
affected
9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 - < d5807dd1328bbc86e059c5de80d1bbee9d58ca3d
affected
9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 - < f559357d035877b9d0dcd273e0ff83e18e1d46aa

+1 more versions

Linux

Linux

affected
4.7
unaffected
0 - < 4.7
unaffected
5.10.234 - <= 5.10.*
unaffected
5.15.177 - <= 5.15.*
unaffected
6.1.125 - <= 6.1.*

+3 more versions

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now
CVE-2025-21648 - Security Vulnerability | QwikSec