Karel Rericha

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel's netfilter conntrack module has been resolved. The issue caused netlink event overflows when events were collected due to the conntrack hash table distribution. This occurred when the hash table was set to a large value, resulting in most evictions happening from the gc worker rather than the packet path. The problem was addressed by changing the conntrack gc to run every 2 minutes and collecting the average expiry of scanned entries to reschedule the gc worker. To prevent event overflows, the gc worker now reschedules after each bucket and has limits for both run time and number of evictions per run. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.