CVE-2025-68321
Published Dec 16, 2025
Modified Apr 15, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: page_pool: always add GFP_NOWARN for ATOMIC allocations Driver authors often forget to add GFP_NOWARN for page allocation from the datapath. This is annoying to users as OOMs are a fact of life, and we pretty much expect network Rx to hit page allocation failures during OOM. Make page pool add GFP_NOWARN for ATOMIC allocations by default.
Is your site exposed to CVE-2025-68321?
Run a free security scan — no signup, results in seconds.
References
Other References
https://git.kernel.org/stable/c/0ec2cd5c58793d0c622797cd5fbe26634b357210
https://git.kernel.org/stable/c/3671a0775952026228ae44e096eb144bca75f8dc
https://git.kernel.org/stable/c/7613c06ffa89c1e2266fb532e23ef7dfdf269d73
https://git.kernel.org/stable/c/9835a0fd59a1df5ec0740fdab6d50db68e0f10de
https://git.kernel.org/stable/c/ab48dc0e23eb714b3f233f8e8f6deed7df2051f5
https://git.kernel.org/stable/c/f3b52167a0cb23b27414452fbc1278da2ee884fc
Frequently Asked Questions
What is CVE-2025-68321? +
In the Linux kernel, the following vulnerability has been resolved:
page_pool: always add GFP_NOWARN for ATOMIC allocations
Driver authors often forget to add GFP_NOWARN for page allocation
from the datapath. This is annoying to users as OOMs are a fact
of life, and we pretty much expect network Rx to hit page allocation
failures during OOM. Make page pool add GFP_NOWARN for ATOMIC allocations
by default.
How do I check if I'm vulnerable to CVE-2025-68321? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.