CVE-2025-37789

Advisory lineage Upstream: 0 Downstream: 59

Downstream

DEBIAN-CVE-2025-37789 DLA-4178-1 DLA-4193-1 RHSA-2026:1194 RHSA-2026:1236 RHSA-2026:1441

Analyzed

Published: 01 May 2025, 13:07

Last modified:11 May 2026, 21:15

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.07% LOW

0% probability +0.04%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 May 2025, 13:07

Published

Vulnerability first disclosed

11 May 2026, 21:15

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.07%• Percentile: 21%

Affected Systems

debian•debian_linux
11.0
linux•linux
≥ ccb1352e76cff0524e7ccb2074826a092dd13016, < 54c6957d1123a2032099b9eab51c314800f677ce | ≥ ccb1352e76cff0524e7ccb2074826a092dd13016, < 7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd | ≥ ccb1352e76cff0524e7ccb2074826a092dd13016, < a27526e6b48eee9e2d82efff502c4f272f1a91d4 | ≥ ccb1352e76cff0524e7ccb2074826a092dd13016, < 1489c195c8eecd262aa6712761ba5288203e28ec | ≥ ccb1352e76cff0524e7ccb2074826a092dd13016, < 824a7c2df5127b2402b68a21a265d413e78dcad7 | ≥ ccb1352e76cff0524e7ccb2074826a092dd13016, < be80768d4f3b6fd13f421451cc3fee8778aba8bc | ≥ ccb1352e76cff0524e7ccb2074826a092dd13016, < 03d7262dd53e8c404da35cc81aaa887fd901f76b | ≥ ccb1352e76cff0524e7ccb2074826a092dd13016, < 65d91192aa66f05710cfddf6a14b5a25ee554dba | 3.3
linux•linux_kernel
≥ 3.3, < 5.4.293 | ≥ 5.5, < 5.10.237 | ≥ 5.11, < 5.15.181 | ≥ 5.16, < 6.1.135 | ≥ 6.2, < 6.6.88 | ≥ 6.7, < 6.12.25 | ≥ 6.13, < 6.14.4 | 6.15:rc1 | 6.15:rc2