Linux Kernel Netfilter Connection Tracking Hashtable Size Limitation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's netfilter connection tracking component allowed for an improper maximum size configuration of the connection tracking hashtable. This issue could lead to a warning being triggered in the memory allocation function __kvmalloc_node_noprof() when the hashtable was resized, as the allocation flag __GFP_NOWARN was not set. The vulnerability was present in several different versions of the Linux kernel.

Impact

Exploitation of this vulnerability could cause a warning to be triggered during memory allocation, potentially leading to undesirable behavior in the kernel.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Netfilter Connection Tracking Hashtable Size Limitation Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating