← Back to CVEs
CVE-2025-37998
MEDIUM5.5
Description
In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed.
CVE Details
CVSS v3.1 Score5.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published5/29/2025
Last Modified12/16/2025
Sourcenvd
Honeypot Sightings0
Affected Products
debian:debian_linuxlinux:linux_kernel
References
https://git.kernel.org/stable/c/0236742bd959332181c1fcc41a05b7b709180501(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/06b4f110c79716c181a8c5da007c259807840232(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/4fa672cbce9c86c3efb8621df1ae580d47813430(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/6712dc21506738f5f22b4f68b7c0d9e0df819dbd(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/bca8df998cce1fead8cbc69144862eadc2e34c87(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/ec334aaab74705cc515205e1da3cb369fdfd93cd(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://www.zerodayinitiative.com/advisories/ZDI-25-307/(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.