CVE-2025-37789 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b
https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec
https://git.kernel.org/stable/c/54c6957d1123a2032099b9eab51c314800f677ce
https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba
https://git.kernel.org/stable/c/7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd
https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7
https://git.kernel.org/stable/c/a27526e6b48eee9e2d82efff502c4f272f1a91d4
https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc
https://lore.kernel.org/linux-cve-announce/2025050119-CVE-2025-37789-3f0b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-37789
https://www.cve.org/CVERecord?id=CVE-2025-37789

History

Fri, 02 May 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025050119-CVE-2025-37789-3f0b@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-37789 https://www.cve.org/CVERecord?id=CVE-2025-37789
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 02 May 2025 06:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/54c6957d1123a2032099b9eab51c314800f677ce https://git.kernel.org/stable/c/7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd https://git.kernel.org/stable/c/a27526e6b48eee9e2d82efff502c4f272f1a91d4

Thu, 01 May 2025 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.
Title		net: openvswitch: fix nested key length validation in the set() action
References		https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7 https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-05-01T13:07:22.809Z

Updated: 2025-05-02T06:16:29.055Z

Reserved: 2025-04-16T04:51:23.940Z

Link: CVE-2025-37789

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-05-01T14:15:43.290

Modified: 2025-05-02T13:53:20.943

Link: CVE-2025-37789

Redhat

Severity : Moderate

Publid Date: 2025-05-01T00:00:00Z

Links: CVE-2025-37789 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object