#VU108394 Input validation error in Linux kernel - CVE-2025-37789
Vulnerability identifier: #VU108394
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the validate_set() function in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.12.6, 6.12.7, 6.12.8, 6.12.9, 6.12.10, 6.12.11, 6.12.12, 6.12.13, 6.12.14, 6.12.15, 6.12.16, 6.12.17, 6.12.18, 6.12.19, 6.12.20, 6.12.21, 6.12.22, 6.12.23, 6.12.24
External links
https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b
https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec
https://git.kernel.org/stable/c/54c6957d1123a2032099b9eab51c314800f677ce
https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba
https://git.kernel.org/stable/c/7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd
https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7
https://git.kernel.org/stable/c/a27526e6b48eee9e2d82efff502c4f272f1a91d4
https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.25
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
