CVE-2025-38201

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/07/2025
Last modified:
08/07/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX<br /> <br /> Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof()<br /> when resizing hashtable because __GFP_NOWARN is unset.<br /> <br /> Similar to:<br /> <br /> b541ba7d1f5a ("netfilter: conntrack: clamp maximum hashtable size to INT_MAX")

Impact