CVE-2025-68321

medium

Description

In the Linux kernel, the following vulnerability has been resolved: page_pool: always add GFP_NOWARN for ATOMIC allocations Driver authors often forget to add GFP_NOWARN for page allocation from the datapath. This is annoying to users as OOMs are a fact of life, and we pretty much expect network Rx to hit page allocation failures during OOM. Make page pool add GFP_NOWARN for ATOMIC allocations by default.

References

https://git.kernel.org/stable/c/f3b52167a0cb23b27414452fbc1278da2ee884fc

https://git.kernel.org/stable/c/ab48dc0e23eb714b3f233f8e8f6deed7df2051f5

https://git.kernel.org/stable/c/9835a0fd59a1df5ec0740fdab6d50db68e0f10de

https://git.kernel.org/stable/c/7613c06ffa89c1e2266fb532e23ef7dfdf269d73

https://git.kernel.org/stable/c/3671a0775952026228ae44e096eb144bca75f8dc

https://git.kernel.org/stable/c/0ec2cd5c58793d0c622797cd5fbe26634b357210

Details

Source: Mitre, NVD

Published: 2025-12-16

Updated: 2025-12-18

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00024