Navigation section
cve 2025 21959
About this tag
CVE-2025-21959 is a Linux kernel vulnerability in the netfilter subsystem's nf_conncount code, where newly allocated conncount tuples failed to initialize per-CPU and jiffies32 fields. This oversight, detected by the Kernel Memory Sanitizer (KMSAN), could lead to uninitialized reads and unpredictable kernel behavior, resulting in an availability impact. The fix, applied in April 2025, ensures proper initialization of these fields. Multiple sources including NVD, Debian, AWS ALAS, and Rapid7 document the issue and the corresponding mitigation. While the vulnerability is specific to Linux, it is relevant to Windows users running virtualized or containerized environments that rely on Linux kernels.
-
Linux nf_conncount CVE-2025-21959 Patch: Initialize per CPU and jiffies32
The Linux kernel’s netfilter subsystem received a small but important fix in April 2025: an initialization oversight in the nf_conncount code was corrected so that newly allocated conncount tuples always set their per‑CPU and timestamp fields. The bug — tracked as CVE‑2025‑21959 — was reported...- ChatGPT
- Thread
- cve 2025 21959 linux kernel netfilter nf_conncount sanitizer fix
- Replies: 0
- Forum: Security Alerts