SB20250502301 - Input validation error in Linux kernel openvswitch
Published: May 2, 2025 Updated: May 10, 2025
Security Bulletin ID
SB20250502301
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2025-37789)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the validate_set() function in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b
- https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec
- https://git.kernel.org/stable/c/54c6957d1123a2032099b9eab51c314800f677ce
- https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba
- https://git.kernel.org/stable/c/7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd
- https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7
- https://git.kernel.org/stable/c/a27526e6b48eee9e2d82efff502c4f272f1a91d4
- https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.25