Linux Kernel Vulnerability in Open vSwitch Affecting Multiple Versions
CVE-2025-38146

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38146?

A vulnerability in the Linux kernel's Open vSwitch component can lead to a dead loop scenario during MPLS packet parsing if the packet does not end correctly. This issue arises when the label count wraps around due to excessive label stacks, ultimately causing a CPU soft lockup. The flaw can significantly affect system performance, leading to a non-responsive state if exploited effectively. Users are encouraged to update to the latest Open vSwitch versions to mitigate this risk.

Affected Version(s)

Linux fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3 < 4b9a086eedc1fddae632310386098c12155e3d0a

Linux fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3

References

https://git.kernel.org/stable/c/4b9a086eedc1fddae63231038...

https://git.kernel.org/stable/c/ad17eb86d042d72a59fd184ad...

https://git.kernel.org/stable/c/f26fe7c3002516dd3c288f101...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025