CVE-2025-37998

{"id": "CVE-2025-37998", "cveTags": [], "metrics": {}, "published": "2025-05-29T14:15:36.450", "references": [{"url": "https://git.kernel.org/stable/c/0236742bd959332181c1fcc41a05b7b709180501", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/06b4f110c79716c181a8c5da007c259807840232", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4fa672cbce9c86c3efb8621df1ae580d47813430", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6712dc21506738f5f22b4f68b7c0d9e0df819dbd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bca8df998cce1fead8cbc69144862eadc2e34c87", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ec334aaab74705cc515205e1da3cb369fdfd93cd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-307/", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: Fix unsafe attribute parsing in output_userspace()\n\nThis patch replaces the manual Netlink attribute iteration in\noutput_userspace() with nla_for_each_nested(), which ensures that only\nwell-formed attributes are processed."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: openvswitch: corrige el an\u00e1lisis de atributos inseguro en output_userspace() Este parche reemplaza la iteraci\u00f3n manual de atributos Netlink en output_userspace() con nla_for_each_nested(), que garantiza que solo se procesen los atributos bien formados."}], "lastModified": "2025-11-03T20:18:45.440", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}