CVE-2025-37789

HIGH

Linux Kernel - Denial of Service via Nested Key Length Validation in Open vSwitch Set Action

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.

References (10)

Core 10

Core References

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Patch

https://git.kernel.org/stable/c/54c6957d1123a2032099b9eab51c314800f677ce

Patch

https://git.kernel.org/stable/c/7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd

Patch

https://git.kernel.org/stable/c/a27526e6b48eee9e2d82efff502c4f272f1a91d4

Patch

https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec

Patch

https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7

Patch

https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc

Patch

https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b

Patch

https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 20.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (28)

debian/debian_linux 11.0

linux/Kernel 3.3.0 - 5.4.293linux

linux/Kernel 5.11.0 - 5.15.181linux

linux/Kernel 5.16.0 - 6.1.135linux

linux/Kernel 5.5.0 - 5.10.237linux

linux/Kernel 6.13.0 - 6.14.4linux

linux/Kernel 6.2.0 - 6.6.88linux

linux/Kernel 6.7.0 - 6.12.25linux

Linux/Linux < 3.3

Linux/Linux 3.3

... and 18 more

Published May 01, 2025

Tracked Since Feb 18, 2026