CVE-2025-37998 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed.

Reserved 2025-04-16 | Published 2025-05-29 | Updated 2025-06-04 | Assigner Linux

Product status

Default status

unaffected

ccb1352e76cff0524e7ccb2074826a092dd13016 before 6712dc21506738f5f22b4f68b7c0d9e0df819dbd

affected

ccb1352e76cff0524e7ccb2074826a092dd13016 before 06b4f110c79716c181a8c5da007c259807840232

affected

ccb1352e76cff0524e7ccb2074826a092dd13016 before 47f7f00cf2fa3137d5c0416ef1a71bdf77901395

affected

ccb1352e76cff0524e7ccb2074826a092dd13016 before bca8df998cce1fead8cbc69144862eadc2e34c87

affected

ccb1352e76cff0524e7ccb2074826a092dd13016 before 0236742bd959332181c1fcc41a05b7b709180501

affected

ccb1352e76cff0524e7ccb2074826a092dd13016 before ec334aaab74705cc515205e1da3cb369fdfd93cd

affected

ccb1352e76cff0524e7ccb2074826a092dd13016 before 4fa672cbce9c86c3efb8621df1ae580d47813430

affected

ccb1352e76cff0524e7ccb2074826a092dd13016 before 6beb6835c1fbb3f676aebb51a5fee6b77fed9308

affected

Default status

affected

3.3

affected

Any version before 3.3

unaffected

5.4.294

unaffected

5.10.238

unaffected

5.15.183

unaffected

6.1.139

unaffected

6.6.91

unaffected

6.12.29

unaffected

6.14.7

unaffected

6.15

unaffected

References

git.kernel.org/...c/6712dc21506738f5f22b4f68b7c0d9e0df819dbd

git.kernel.org/...c/06b4f110c79716c181a8c5da007c259807840232

git.kernel.org/...c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395

git.kernel.org/...c/bca8df998cce1fead8cbc69144862eadc2e34c87

git.kernel.org/...c/0236742bd959332181c1fcc41a05b7b709180501

git.kernel.org/...c/ec334aaab74705cc515205e1da3cb369fdfd93cd

git.kernel.org/...c/4fa672cbce9c86c3efb8621df1ae580d47813430

git.kernel.org/...c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308

cve.org (CVE-2025-37998)

nvd.nist.gov (CVE-2025-37998)

Download JSON