Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

openvswitch: Fix unsafe attribute parsing in output_userspace()

This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed.
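The following userspace sketch is an added example, not the kernel's code or the patch itself. It contrasts a manual attribute walk with one gated by the checks that nla_ok() performs inside nla_for_each_nested(). It assumes the manual loop only tested whether bytes remained, which this page does not show; `walk_manual`, `walk_checked` and `SAMPLE` are hypothetical names, and the buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct nlattr { uint16_t nla_len, nla_type; };  /* same layout as the kernel header */
#define NLA_HDRLEN 4
#define NLA_ALIGN(n) (((n) + 3) & ~3)

/* Constructed sample: one valid 8-byte attribute, then a header claiming 64 bytes. */
static const uint16_t SAMPLE[6] = { 8, 1, 0, 0, 64, 2 };

static struct nlattr hdr_at(const void *buf, int off)
{
    struct nlattr h;
    memcpy(&h, (const unsigned char *)buf + off, sizeof h);
    return h;
}

/* Manual loop shape (assumed): the only condition is "bytes remain". */
int walk_manual(const void *buf, int len)
{
    int off = 0, handled = 0;
    while (len - off > 0) {
        struct nlattr h = hdr_at(buf, off);
        handled++;                      /* loop body would act on this attribute */
        off += NLA_ALIGN(h.nla_len);
    }
    return handled;
}

/* nla_for_each_nested() shape: nla_ok()'s three checks gate every iteration. */
int walk_checked(const void *buf, int len)
{
    int off = 0, handled = 0;
    while (len - off >= NLA_HDRLEN) {   /* room for a full header */
        struct nlattr h = hdr_at(buf, off);
        if (h.nla_len < NLA_HDRLEN || h.nla_len > len - off)
            break;                      /* malformed: never reaches the body */
        handled++;
        off += NLA_ALIGN(h.nla_len);
    }
    return handled;
}

int main(void)
{
    printf("manual=%d checked=%d\n", walk_manual(SAMPLE, 12), walk_checked(SAMPLE, 12));
    return 0;
}
```

On the sample, the manual walk hands the truncated second attribute to the loop body, while the checked walk stops after the first.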
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.3, < 5.4.294 |
| Debian | Debian Linux | 11.0 |
References
- https://git.kernel.org/stable/c/0236742bd959332181c1fcc41a05b7b709180501 (Patch)
- https://git.kernel.org/stable/c/06b4f110c79716c181a8c5da007c259807840232 (Patch)
- https://git.kernel.org/stable/c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395 (Patch)
- https://git.kernel.org/stable/c/4fa672cbce9c86c3efb8621df1ae580d47813430 (Patch)
- https://git.kernel.org/stable/c/6712dc21506738f5f22b4f68b7c0d9e0df819dbd (Patch)
- https://git.kernel.org/stable/c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308 (Patch)
- https://git.kernel.org/stable/c/bca8df998cce1fead8cbc69144862eadc2e34c87 (Patch)
- https://git.kernel.org/stable/c/ec334aaab74705cc515205e1da3cb369fdfd93cd (Patch)
- https://www.zerodayinitiative.com/advisories/ZDI-25-307/ (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html (Third Party Advisory)
FAQ
What is CVE-2025-37998?
CVE-2025-37998 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in outp...
How severe is CVE-2025-37998?
CVE-2025-37998 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-37998?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.