Home

Description

In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed.

PUBLISHED Reserved 2025-04-16 | Published 2025-05-29 | Updated 2025-11-03 | Assigner Linux

Product status

Default status
unaffected

ccb1352e76cff0524e7ccb2074826a092dd13016 (git) before 6712dc21506738f5f22b4f68b7c0d9e0df819dbd
affected

ccb1352e76cff0524e7ccb2074826a092dd13016 (git) before 06b4f110c79716c181a8c5da007c259807840232
affected

ccb1352e76cff0524e7ccb2074826a092dd13016 (git) before 47f7f00cf2fa3137d5c0416ef1a71bdf77901395
affected

ccb1352e76cff0524e7ccb2074826a092dd13016 (git) before bca8df998cce1fead8cbc69144862eadc2e34c87
affected

ccb1352e76cff0524e7ccb2074826a092dd13016 (git) before 0236742bd959332181c1fcc41a05b7b709180501
affected

ccb1352e76cff0524e7ccb2074826a092dd13016 (git) before ec334aaab74705cc515205e1da3cb369fdfd93cd
affected

ccb1352e76cff0524e7ccb2074826a092dd13016 (git) before 4fa672cbce9c86c3efb8621df1ae580d47813430
affected

ccb1352e76cff0524e7ccb2074826a092dd13016 (git) before 6beb6835c1fbb3f676aebb51a5fee6b77fed9308
affected

Default status
affected

3.3
affected

Any version before 3.3
unaffected

5.4.294 (semver)
unaffected

5.10.238 (semver)
unaffected

5.15.183 (semver)
unaffected

6.1.139 (semver)
unaffected

6.6.91 (semver)
unaffected

6.12.29 (semver)
unaffected

6.14.7 (semver)
unaffected

6.15 (original_commit_for_fix)
unaffected

References

lists.debian.org/debian-lts-announce/2025/10/msg00007.html

lists.debian.org/debian-lts-announce/2025/08/msg00010.html

git.kernel.org/...c/6712dc21506738f5f22b4f68b7c0d9e0df819dbd

git.kernel.org/...c/06b4f110c79716c181a8c5da007c259807840232

git.kernel.org/...c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395

git.kernel.org/...c/bca8df998cce1fead8cbc69144862eadc2e34c87

git.kernel.org/...c/0236742bd959332181c1fcc41a05b7b709180501

git.kernel.org/...c/ec334aaab74705cc515205e1da3cb369fdfd93cd

git.kernel.org/...c/4fa672cbce9c86c3efb8621df1ae580d47813430

git.kernel.org/...c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308

www.zerodayinitiative.com/advisories/ZDI-25-307/

cve.org (CVE-2025-37998)

nvd.nist.gov (CVE-2025-37998)

Download JSON