{"id":"CVE-2025-21958","summary":"Revert \"openvswitch: switch to per-action label counting in conntrack\"","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"openvswitch: switch to per-action label counting in conntrack\"\n\nCurrently, ovs_ct_set_labels() is only called for confirmed conntrack\nentries (ct) within ovs_ct_commit(). However, if the conntrack entry\ndoes not have the labels_ext extension, attempting to allocate it in\novs_ct_get_conn_labels() for a confirmed entry triggers a warning in\nnf_ct_ext_add():\n\n  WARN_ON(nf_ct_is_confirmed(ct));\n\nThis happens when the conntrack entry is created externally before OVS\nincrements net-\u003ect.labels_used. The issue has become more likely since\ncommit fcb1aa5163b1 (\"openvswitch: switch to per-action label counting\nin conntrack\"), which changed to use per-action label counting and\nincrement net-\u003ect.labels_used when a flow with ct action is added.\n\nSince there’s no straightforward way to fully resolve this issue at the\nmoment, this reverts the commit to avoid breaking existing use cases.","modified":"2026-03-20T12:41:15.649769Z","published":"2025-04-01T15:46:57.268Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21958.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1063ae07383c0ddc5bcce170260c143825846b03"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9e79fdabd52cfce1a021640a81256878a2c516a2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d91bfc64a4886102746e74d2c6f3a61e9a77fd7d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21958.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21958"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fcb1aa5163b1ae4cf2864b688b08927aac51f51e"},{"fixed":"9e79fdabd52cfce1a021640a81256878a2c516a2"},{"fixed":"d91bfc64a4886102746e74d2c6f3a61e9a77fd7d"},{"fixed":"1063ae07383c0ddc5bcce170260c143825846b03"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21958.json"}}],"schema_version":"1.7.5"}