CVE-2025-37789

HIGH EPSS 6.8%
Published May 1, 2025 (1y ago) · Modified Jun 17, 2026 (2w ago)
7.8 CVSS 3.1
High

Description

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: fix nested key length validation in the set() action

It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
6.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 10

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥3.3 – <5.4.293
linux   linux_kernel  *        ≥5.5 – <5.10.237
linux   linux_kernel  *        ≥5.11 – <5.15.181
linux   linux_kernel  *        ≥5.16 – <6.1.135
linux   linux_kernel  *        ≥6.2 – <6.6.88
linux   linux_kernel  *        ≥6.7 – <6.12.25
linux   linux_kernel  *        ≥6.13 – <6.14.4
linux   linux_kernel  6.15     any
linux   linux_kernel  6.15     any
debian  debian_linux  11.0     any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/54c6957d1123a2032099b9eab51c314800f677ce
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a27526e6b48eee9e2d82efff502c4f272f1a91d4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/54c6957d1123a2032099b9eab51c314800f677ce
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a27526e6b48eee9e2d82efff502c4f272f1a91d4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc
    Patch