CVE-2025-38146
- Source
- https://cve.org/CVERecord?id=CVE-2025-38146
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38146.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38146
- Downstream
- Related
- Published
- 2025-07-03T08:35:52.230Z
- Modified
- 2026-03-12T02:15:44.710488Z
- Summary
- net: openvswitch: Fix the dead loop of MPLS parse
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: Fix the dead loop of MPLS parse
The unexpected MPLS packet may not end with the bottom label stack. When there are many stacks, The label count value has wrapped around. A dead loop occurs, soft lockup/CPU stuck finally.
stack backtrace: UBSAN: array-index-out-of-bounds in /build/linux-0Pa0xK/linux-5.15.0/net/openvswitch/flow.c:662:26 index -1 is out of range for type '__be32 [3]' CPU: 34 PID: 0 Comm: swapper/34 Kdump: loaded Tainted: G OE 5.15.0-121-generic #131-Ubuntu Hardware name: Dell Inc. PowerEdge C6420/0JP9TF, BIOS 2.12.2 07/14/2021 Call Trace: <IRQ> showstack+0x52/0x5c dumpstack_lvl+0x4a/0x63 dumpstack+0x10/0x16 ubsanepilogue+0x9/0x36 __ubsanhandleout_ofbounds.cold+0x44/0x49 keyextractl3l4+0x82a/0x840 [openvswitch] ? kfreeskbmem+0x52/0xa0 keyextract+0x9c/0x2b0 [openvswitch] ovsflowkeyextract+0x124/0x350 [openvswitch] ovsvportreceive+0x61/0xd0 [openvswitch] ? kernelinitfreepages.part.0+0x4a/0x70 ? getpagefromfreelist+0x353/0x540 netdevportreceive+0xc4/0x180 [openvswitch] ? netdevportreceive+0x180/0x180 [openvswitch] netdevframehook+0x1f/0x40 [openvswitch] __netifreceiveskb_core.constprop.0+0x23a/0xf00 __netifreceiveskblistcore+0xfa/0x240 netifreceiveskblistinternal+0x18e/0x2a0 napicompletedone+0x7a/0x1c0 bnxtpoll+0x155/0x1c0 [bnxten] _napipoll+0x30/0x180 netrxaction+0x126/0x280 ? bnxtmsix+0x67/0x80 [bnxten] handlesoftirqs+0xda/0x2d0 irqexitrcu+0x96/0xc0 commoninterrupt+0x8e/0xa0 </IRQ>
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38146.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0bdc924bfb319fb10d1113cbf091fc26fb7b1f99
- https://git.kernel.org/stable/c/3c1906a3d50cb94fd0a10e97a1c0a40c0f033cb7
- https://git.kernel.org/stable/c/4b9a086eedc1fddae632310386098c12155e3d0a
- https://git.kernel.org/stable/c/69541e58323ec3e3904e1fa87a6213961b1f52f4
- https://git.kernel.org/stable/c/8ebcd311b4866ab911d1445ead08690e67f0c488
- https://git.kernel.org/stable/c/ad17eb86d042d72a59fd184ad1adf34f5eb36843
- https://git.kernel.org/stable/c/f26fe7c3002516dd3c288f1012786df31f4d89e0
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38146.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-38146
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfbdcdd78da7c95f1b970d371e1b23cbd3aa990f3Fixed4b9a086eedc1fddae632310386098c12155e3d0aFixedad17eb86d042d72a59fd184ad1adf34f5eb36843Fixedf26fe7c3002516dd3c288f1012786df31f4d89e0Fixed8ebcd311b4866ab911d1445ead08690e67f0c488Fixed69541e58323ec3e3904e1fa87a6213961b1f52f4Fixed3c1906a3d50cb94fd0a10e97a1c0a40c0f033cb7Fixed0bdc924bfb319fb10d1113cbf091fc26fb7b1f99