The network connection tracking implementation in netfilter module of the Linux kernel allows observation of changes of sysctl settingsin any net namespace as these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls. Reference and upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2671fa4dc0109d3fb581bc3078fdf17b5d9080f6
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1992817]
This was fixed for Fedora with the 5.11.19 stable kernel updates.
Marking Hosted OCP and Other Services 'notaffected' per kernel analysis.