Linux Kernel Vulnerability in Open vSwitch Affecting Attribute Parsing
CVE-2025-37998
What is CVE-2025-37998?
A vulnerability has been identified in the Open vSwitch component of the Linux kernel regarding unsafe attribute parsing during the handling of userspace output. This flaw occurred due to manual Netlink attribute iteration in the output_userspace() function, risking the processing of ill-formed attributes. A patch has been implemented to enhance security by utilizing nla_for_each_nested(), effectively ensuring that only well-structured attributes are handled. Users are advised to update their Open vSwitch installations to the latest version to mitigate potential risks associated with this vulnerability.
Affected Version(s)
Linux ccb1352e76cff0524e7ccb2074826a092dd13016 < 47f7f00cf2fa3137d5c0416ef1a71bdf77901395
Linux ccb1352e76cff0524e7ccb2074826a092dd13016
Linux ccb1352e76cff0524e7ccb2074826a092dd13016 < 0236742bd959332181c1fcc41a05b7b709180501