5.5

CVE-2025-37998

openvswitch: Fix unsafe attribute parsing in output_userspace()

In the Linux kernel, the following vulnerability has been resolved:

openvswitch: Fix unsafe attribute parsing in output_userspace()

This patch replaces the manual Netlink attribute iteration in
output_userspace() with nla_for_each_nested(), which ensures that only
well-formed attributes are processed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.3 < 5.4.294
LinuxLinux Kernel Version >= 5.5 < 5.10.238
LinuxLinux Kernel Version >= 5.11 < 5.15.183
LinuxLinux Kernel Version >= 5.16 < 6.1.139
LinuxLinux Kernel Version >= 6.2 < 6.6.91
LinuxLinux Kernel Version >= 6.7 < 6.12.29
LinuxLinux Kernel Version >= 6.13 < 6.14.7
LinuxLinux Kernel Version6.15 Updaterc1
LinuxLinux Kernel Version6.15 Updaterc2
LinuxLinux Kernel Version6.15 Updaterc3
LinuxLinux Kernel Version6.15 Updaterc4
LinuxLinux Kernel Version6.15 Updaterc5
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.059
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395
Patch
https://git.kernel.org/stable/c/bca8df998cce1fead8cbc69144862eadc2e34c87
Patch
https://git.kernel.org/stable/c/0236742bd959332181c1fcc41a05b7b709180501
Patch
https://git.kernel.org/stable/c/ec334aaab74705cc515205e1da3cb369fdfd93cd
Patch
https://git.kernel.org/stable/c/4fa672cbce9c86c3efb8621df1ae580d47813430
Patch
https://git.kernel.org/stable/c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308
Patch
https://git.kernel.org/stable/c/06b4f110c79716c181a8c5da007c259807840232
Patch
https://git.kernel.org/stable/c/6712dc21506738f5f22b4f68b7c0d9e0df819dbd
Patch
https://www.zerodayinitiative.com/advisories/ZDI-25-307/
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
Third Party Advisory