{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-37998", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:23.976Z", "datePublished": "2025-05-29T13:15:56.197Z", "dateUpdated": "2025-11-03T19:58:12.202Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-08-09T14:39:34.310Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: Fix unsafe attribute parsing in output_userspace()\n\nThis patch replaces the manual Netlink attribute iteration in\noutput_userspace() with nla_for_each_nested(), which ensures that only\nwell-formed attributes are processed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/openvswitch/actions.c"], "versions": [{"version": "ccb1352e76cff0524e7ccb2074826a092dd13016", "lessThan": "6712dc21506738f5f22b4f68b7c0d9e0df819dbd", "status": "affected", "versionType": "git"}, {"version": "ccb1352e76cff0524e7ccb2074826a092dd13016", "lessThan": "06b4f110c79716c181a8c5da007c259807840232", "status": "affected", "versionType": "git"}, {"version": "ccb1352e76cff0524e7ccb2074826a092dd13016", "lessThan": "47f7f00cf2fa3137d5c0416ef1a71bdf77901395", "status": "affected", "versionType": "git"}, {"version": "ccb1352e76cff0524e7ccb2074826a092dd13016", "lessThan": "bca8df998cce1fead8cbc69144862eadc2e34c87", "status": "affected", "versionType": "git"}, {"version": "ccb1352e76cff0524e7ccb2074826a092dd13016", "lessThan": "0236742bd959332181c1fcc41a05b7b709180501", "status": "affected", "versionType": "git"}, {"version": "ccb1352e76cff0524e7ccb2074826a092dd13016", "lessThan": "ec334aaab74705cc515205e1da3cb369fdfd93cd", "status": "affected", "versionType": "git"}, {"version": "ccb1352e76cff0524e7ccb2074826a092dd13016", "lessThan": "4fa672cbce9c86c3efb8621df1ae580d47813430", "status": "affected", "versionType": "git"}, {"version": "ccb1352e76cff0524e7ccb2074826a092dd13016", "lessThan": "6beb6835c1fbb3f676aebb51a5fee6b77fed9308", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/openvswitch/actions.c"], "versions": [{"version": "3.3", "status": "affected"}, {"version": "0", "lessThan": "3.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.294", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.238", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.183", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.139", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.91", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.29", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14.7", "lessThanOrEqual": "6.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3", "versionEndExcluding": "5.4.294"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3", "versionEndExcluding": "5.10.238"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3", "versionEndExcluding": "5.15.183"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3", "versionEndExcluding": "6.1.139"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3", "versionEndExcluding": "6.6.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3", "versionEndExcluding": "6.12.29"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3", "versionEndExcluding": "6.14.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3", "versionEndExcluding": "6.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6712dc21506738f5f22b4f68b7c0d9e0df819dbd"}, {"url": "https://git.kernel.org/stable/c/06b4f110c79716c181a8c5da007c259807840232"}, {"url": "https://git.kernel.org/stable/c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395"}, {"url": "https://git.kernel.org/stable/c/bca8df998cce1fead8cbc69144862eadc2e34c87"}, {"url": "https://git.kernel.org/stable/c/0236742bd959332181c1fcc41a05b7b709180501"}, {"url": "https://git.kernel.org/stable/c/ec334aaab74705cc515205e1da3cb369fdfd93cd"}, {"url": "https://git.kernel.org/stable/c/4fa672cbce9c86c3efb8621df1ae580d47813430"}, {"url": "https://git.kernel.org/stable/c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-307/"}], "title": "openvswitch: Fix unsafe attribute parsing in output_userspace()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:58:12.202Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: Fix unsafe attribute parsing in output_userspace()\n\nThis patch replaces the manual Netlink attribute iteration in\noutput_userspace() with nla_for_each_nested(), which ensures that only\nwell-formed attributes are processed."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: openvswitch: corrige el an\u00e1lisis de atributos inseguro en output_userspace() Este parche reemplaza la iteraci\u00f3n manual de atributos Netlink en output_userspace() con nla_for_each_nested(), que garantiza que solo se procesen los atributos bien formados."}], "id": "CVE-2025-37998", "lastModified": "2025-11-03T20:18:45.440", "metrics": {}, "published": "2025-05-29T14:15:36.450", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0236742bd959332181c1fcc41a05b7b709180501"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/06b4f110c79716c181a8c5da007c259807840232"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4fa672cbce9c86c3efb8621df1ae580d47813430"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6712dc21506738f5f22b4f68b7c0d9e0df819dbd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bca8df998cce1fead8cbc69144862eadc2e34c87"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ec334aaab74705cc515205e1da3cb369fdfd93cd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-307/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: openvswitch: Fix unsafe attribute parsing in output_userspace()", "id": "2369185", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369185"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-241", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nopenvswitch: Fix unsafe attribute parsing in output_userspace()\nThis patch replaces the manual Netlink attribute iteration in\noutput_userspace() with nla_for_each_nested(), which ensures that only\nwell-formed attributes are processed."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent module openvswitch from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."}, "name": "CVE-2025-37998", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-37998\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-37998\nhttps://lore.kernel.org/linux-cve-announce/2025052903-CVE-2025-37998-10fb@gregkh/T"], "statement": "The bug could happen only if Open vSwitch is being used (that is a multilayer Ethernet switch targeted at virtualized environments). The bug doesn't lead to kernel crash, but more about possibility of incorrect behavior (can lead to some corrupted data being processed). The security impact is limited.", "threat_severity": "Moderate"}