CVE-2025-68321

Description

CVE-2025-68321 addresses a quality-of-life issue in the Linux kernel's page_pool subsystem. The root cause is that driver authors frequently neglected to add the GFP_NOWARN flag for atomic page allocations performed in the network data path. During out-of-memory (OOM) conditions, these allocations would trigger verbose kernel warnings, which are considered annoying and unhelpful to users because network receive (Rx) failures during OOM are a normal, expected behavior.

Exploitation

Context

This is not a security vulnerability in the traditional sense; it is a defect that causes excessive kernel logging. The attack surface is the system's memory pressure. When the system is under OOM conditions, page allocation requests from the network datapath (which are atomic, i.e., cannot sleep) would fail, and the kernel would print warnings. No authentication or network position is required; the condition is triggered by normal network activity during memory stress.

Impact

An attacker able to induce OOM conditions on a target system could cause a flood of kernel warning messages. While this does not directly compromise confidentiality, integrity, or availability, the log spam could obscure other malicious activity or consume system resources. The primary impact is on system monitoring and log management.

Mitigation

The fix ensures that the page_pool automatically adds GFP_NOWARN when performing atomic allocations, silencing the warnings [1][2][3][4]. The patch has been accepted into the stable kernel trees and is available through the referenced commits. Users should apply the corresponding stable kernel update to receive the fix.