Linux Kernel Netfilter Component Cgroup Depth Warning Removal Vulnerability

Vulnerability

A vulnerability in the Linux kernel's netfilter component has been addressed. The issue involved an unnecessary warning related to the maximum cgroup depth, which is set to INT_MAX by default. Although there is a cgroup option to limit this depth to a more reasonable value to avoid performance issues, the warning could still be triggered from userspace. This vulnerability has been resolved by removing the redundant warning.

Impact

The removal of the warning allows for a more efficient handling of cgroup depths, potentially improving performance without the risk of unnecessary alerts.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.