Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamping the maximum hashtable size to INTMAX The maximum size of the conntrack hashtable should be set to INTMAX. Otherwise, it is possible to encounter a WARNONONCE error in kvmallocnodenoprof when resizin...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005177)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005177 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INTMAX Use INTMAX as maximum size for the...

Siemens SIMATIC Devices Memory Allocation with Excessive Size Value (CVE-2025-21648)

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INTMAX Use INTMAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is...

SUSE-SU-2025:20413-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL bsc1228557. - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2025-1520)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : cifs: Fix UAF in cifsdemultiplexthread.CVE-2023-52572 xsk: fix OOB map writes when deleting elementsCVE-2024-56614 net: defer final 'struct net'...

CVE-2025-21648

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INTMAX Use INTMAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is...

DEBIAN-CVE-2025-21648

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INTMAX Use INTMAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is...

CVE-2025-21648

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INTMAX Use INTMAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is...

CVE-2025-21648

CVE-2025-21648 affects the Linux kernel netfilter conntrack code. The vulnerability arises from the hashtable resize path where the maximum size could exceed practical limits, risking a WARN_ON_ONCE in __kvmalloc_node_noprof() when __GFP_NOWARN is unset. The fix clamps the conntrack hashtable siz...

CVE-2025-21648 netfilter: conntrack: clamp maximum hashtable size to INT_MAX

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INTMAX Use INTMAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is...