CVE-2025-37998
- Source
- https://cve.org/CVERecord?id=CVE-2025-37998
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37998.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37998
- Downstream
- Related
- Published
- 2025-05-29T13:15:56.197Z
- Modified
- 2026-05-07T04:17:54.235815Z
- Summary
- openvswitch: Fix unsafe attribute parsing in output_userspace()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: Fix unsafe attribute parsing in output_userspace()
This patch replaces the manual Netlink attribute iteration in outputuserspace() with nlaforeachnested(), which ensures that only well-formed attributes are processed.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37998.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/0236742bd959332181c1fcc41a05b7b709180501
- https://git.kernel.org/stable/c/06b4f110c79716c181a8c5da007c259807840232
- https://git.kernel.org/stable/c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395
- https://git.kernel.org/stable/c/4fa672cbce9c86c3efb8621df1ae580d47813430
- https://git.kernel.org/stable/c/6712dc21506738f5f22b4f68b7c0d9e0df819dbd
- https://git.kernel.org/stable/c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308
- https://git.kernel.org/stable/c/bca8df998cce1fead8cbc69144862eadc2e34c87
- https://git.kernel.org/stable/c/ec334aaab74705cc515205e1da3cb369fdfd93cd
- https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37998.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-37998
- https://www.zerodayinitiative.com/advisories/ZDI-25-307/
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedccb1352e76cff0524e7ccb2074826a092dd13016Fixed6712dc21506738f5f22b4f68b7c0d9e0df819dbdFixed06b4f110c79716c181a8c5da007c259807840232Fixed47f7f00cf2fa3137d5c0416ef1a71bdf77901395Fixedbca8df998cce1fead8cbc69144862eadc2e34c87Fixed0236742bd959332181c1fcc41a05b7b709180501Fixedec334aaab74705cc515205e1da3cb369fdfd93cdFixed4fa672cbce9c86c3efb8621df1ae580d47813430Fixed6beb6835c1fbb3f676aebb51a5fee6b77fed9308
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.3.0Fixed5.4.294
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.238
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.183
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.139
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.91
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.29
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.14.7