Linux Kernel Open vSwitch Nested Key Length Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Open vSwitch component has been addressed, concerning improper validation of nested key lengths in the 'set()' action. The issue arose because it was unsafe to access the netlink attribute length of the Open vSwitch key if the data was smaller than the netlink header. The vulnerability has been resolved by implementing a proper validation check to ensure the attribute is safe to access.

Impact

Exploitation of this vulnerability could lead to incorrect handling of netlink attributes, potentially causing memory corruption or other unintended behavior in the Open vSwitch component.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Open vSwitch Nested Key Length Validation Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating