{"id":"CVE-2025-37789","summary":"net: openvswitch: fix nested key length validation in the set() action","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix nested key length validation in the set() action\n\nIt's not safe to access nla_len(ovs_key) if the data is smaller than\nthe netlink header.  Check that the attribute is OK first.","modified":"2026-04-03T13:14:37.771556Z","published":"2025-05-01T13:07:22.809Z","related":["ALSA-2026:2212","SUSE-SU-2025:01918-1","SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01965-1","SUSE-SU-2025:01966-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:01972-1","SUSE-SU-2025:01982-1","SUSE-SU-2025:01983-1","SUSE-SU-2025:01995-1","SUSE-SU-2025:02000-1","SUSE-SU-2025:02173-1","SUSE-SU-2025:02262-1","SUSE-SU-2025:20408-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20419-1","SUSE-SU-2025:20421-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37789.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec"},{"type":"WEB","url":"https://git.kernel.org/stable/c/54c6957d1123a2032099b9eab51c314800f677ce"},{"type":"WEB","url":"https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a27526e6b48eee9e2d82efff502c4f272f1a91d4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37789.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37789"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ccb1352e76cff0524e7ccb2074826a092dd13016"},{"fixed":"54c6957d1123a2032099b9eab51c314800f677ce"},{"fixed":"7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd"},{"fixed":"a27526e6b48eee9e2d82efff502c4f272f1a91d4"},{"fixed":"1489c195c8eecd262aa6712761ba5288203e28ec"},{"fixed":"824a7c2df5127b2402b68a21a265d413e78dcad7"},{"fixed":"be80768d4f3b6fd13f421451cc3fee8778aba8bc"},{"fixed":"03d7262dd53e8c404da35cc81aaa887fd901f76b"},{"fixed":"65d91192aa66f05710cfddf6a14b5a25ee554dba"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37789.json"}}],"schema_version":"1.7.5"}