References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: revisit gc autotuning

as of commit 4608fdfc07e1
("netfilter: conntrack: collect all entries in one cycle")
conntrack gc was changed to run every 2 minutes.

On systems where conntrack hash table is set to large value, most evictions
happen from gc worker rather than the packet path due to hash table
distribution.

This causes netlink event overflows when events are collected.

This change collects average

https://git.kernel.org/stable/c/2cfadb761d3d0219412fd8150faea60c7e863833

https://git.kernel.org/stable/c/58d52743ae85d28c9335c6034d6ce350b8689951

https://git.kernel.org/stable/c/592e57591826f3d09c28d755a39ea8e9d13705ad

https://git.kernel.org/stable/c/7cd361d5e6d986c0d4cafb9ceaa803359048ae15