CVE-2025-37998

MEDIUM EPSS 6.0%
Published May 29, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 29, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥3.3  –  <5.4.294
linuxlinux_kernel*≥5.5  –  <5.10.238
linuxlinux_kernel*≥5.11  –  <5.15.183
linuxlinux_kernel*≥5.16  –  <6.1.139
linuxlinux_kernel*≥6.2  –  <6.6.91
linuxlinux_kernel*≥6.7  –  <6.12.29
linuxlinux_kernel*≥6.13  –  <6.14.7
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
debiandebian_linux11.0any

References 11

  • git.kernel.org https://git.kernel.org/stable/c/0236742bd959332181c1fcc41a05b7b709180501
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/06b4f110c79716c181a8c5da007c259807840232
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4fa672cbce9c86c3efb8621df1ae580d47813430
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6712dc21506738f5f22b4f68b7c0d9e0df819dbd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bca8df998cce1fead8cbc69144862eadc2e34c87
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ec334aaab74705cc515205e1da3cb369fdfd93cd
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • zerodayinitiative.com https://www.zerodayinitiative.com/advisories/ZDI-25-307/
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0236742bd959332181c1fcc41a05b7b709180501
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/06b4f110c79716c181a8c5da007c259807840232
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4fa672cbce9c86c3efb8621df1ae580d47813430
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6712dc21506738f5f22b4f68b7c0d9e0df819dbd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bca8df998cce1fead8cbc69144862eadc2e34c87
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ec334aaab74705cc515205e1da3cb369fdfd93cd
    Patch