[REJECTED CVE] A vulnerability in the Linux kernel's memory management (mm/page_alloc) has been identified, where GFP_ATOMIC order-0 allocations could fail under memory pressure, despite available highatomic reserves. This issue caused packet loss in high-performance networking environments, as observed on Cloudflare's fleet. An attacker could theoretically exploit this by inducing high memory contention, potentially impacting real-time operations. However, since the fix ensures proper fallback behavior without introducing a security risk, the issue has been rejected as a CVE.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves Under memory pressure it's possible for GFP_ATOMIC order-0 allocations to fail even though free pages are available in the highatomic reserves. GFP_ATOMIC allocations cannot trigger unreserve_highatomic_pageblock() since it's only run from reclaim. Given that such allocations will pass the watermarks in __zone_watermark_unusable_free(), it makes sense to fallback to highatomic reserves the same way that ALLOC_OOM can. This fixes order-0 page allocation failures observed on Cloudflare's fleet when handling network packets: kswapd1: page allocation failure: order:0, mode:0x820(GFP_ATOMIC), nodemask=(null),cpuset=/,mems_allowed=0-7 CPU: 10 PID: 696 Comm: kswapd1 Kdump: loaded Tainted: G O 6.6.43-CUSTOM #1 Hardware name: MACHINE Call Trace: <IRQ> dump_stack_lvl+0x3c/0x50 warn_alloc+0x13a/0x1c0 __alloc_pages_slow...

ELSA-2024-12887: Unbreakable Enterprise kernel security update (IMPORTANT)

ELSA-2025-6966: kernel security update (MODERATE)