CVE-2025-37998

5.5 MEDIUM

📋 TL;DR

This vulnerability in the Linux kernel's Open vSwitch module involves unsafe Netlink attribute parsing in the output_userspace() function. Attackers could potentially exploit this to cause kernel crashes or execute arbitrary code in kernel context. Systems running affected Linux kernel versions with Open vSwitch enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel with Open vSwitch module
Versions: Specific kernel versions containing the vulnerable code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if Open vSwitch kernel module is loaded and configured. Many systems don't use Open vSwitch by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash or potential kernel memory corruption enabling arbitrary code execution with kernel privileges.

🟠

Likely Case

Kernel crash causing denial of service, potentially requiring system reboot to restore functionality.

🟢

If Mitigated

No impact if Open vSwitch is not enabled or if proper kernel hardening measures are in place.

🌐 Internet-Facing: LOW - This requires local access or network access to Open vSwitch control plane, which is typically not internet-facing.
🏢 Internal Only: MEDIUM - Internal attackers with access to Open vSwitch management interfaces could potentially exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires sending malformed Netlink messages to the Open vSwitch kernel module, which typically requires some level of access to the system.
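The malformed-message condition above comes down to an attribute header whose declared length cannot be trusted. As an added illustration (not code from the kernel or from this advisory), the following userspace C model shows the bounds checks an attribute walk has to make before acting on nla_len; `nlattr_hdr`, `count_attrs_checked` and `sample_one` are hypothetical names, and the sample buffers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of the 4-byte struct nlattr header (host byte order). */
struct nlattr_hdr { uint16_t nla_len; uint16_t nla_type; };
#define HDRLEN    sizeof(struct nlattr_hdr)
#define ALIGN4(n) (((size_t)(n) + 3u) & ~(size_t)3u)

/* The three conditions the kernel's nla_ok() tests: a whole header fits,
 * and nla_len covers the header without running past the buffer. */
static int attr_ok(const struct nlattr_hdr *h, size_t rem)
{
    return rem >= HDRLEN && h->nla_len >= HDRLEN && h->nla_len <= rem;
}

/* Walk an attribute stream. Returns the number of well-formed attributes,
 * or -1 as soon as the remaining bytes do not form a valid attribute. */
int count_attrs_checked(const uint8_t *buf, size_t len)
{
    int n = 0;
    while (len > 0) {
        struct nlattr_hdr h = {0, 0};
        memcpy(&h, buf, len < HDRLEN ? len : HDRLEN); /* no unaligned read */
        if (!attr_ok(&h, len)) return -1; /* truncated header or bad nla_len */
        size_t step = ALIGN4(h.nla_len);
        if (step > len) step = len;       /* final attribute may omit padding */
        buf += step;
        len -= step;
        n++;
    }
    return n;
}

/* Constructed sample (hypothetical helper): one header declaring `declared`
 * bytes at the start of a zeroed 16-byte buffer, parsed as `buflen` bytes. */
int sample_one(uint16_t declared, size_t buflen)
{
    uint8_t buf[16] = {0};
    struct nlattr_hdr h = { declared, 1 };
    memcpy(buf, &h, sizeof h);
    return count_attrs_checked(buf, buflen > sizeof buf ? sizeof buf : buflen);
}

int main(void)
{
    printf("%d %d %d\n", sample_one(8, 8), sample_one(64, 8), sample_one(0, 8));
    return 0;
}
```

A walk that advances by nla_len without these checks reads past the buffer when the length is too large and never advances when it is zero, which is why the checked version rejects both.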

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 0236742bd959332181c1fcc41a05b7b709180501, 06b4f110c79716c181a8c5da007c259807840232, 47f7f00cf2fa3137d5c0416ef1a71bdf77901395, 4fa672cbce9c86c3efb8621df1ae580d47813430, or 6712dc21506738f5f22b4f68b7c0d9e0df819dbd

Vendor Advisory: https://git.kernel.org/stable/c/0236742bd959332181c1fcc41a05b7b709180501

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify Open vSwitch module loads correctly after reboot.

🔧 Temporary Workarounds

Disable Open vSwitch kernel module

linux

Prevent loading of vulnerable Open vSwitch kernel module

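# blacklist only stops alias autoloading; the install line also blocks explicit modprobe
echo 'blacklist openvswitch' >> /etc/modprobe.d/blacklist.conf
echo 'install openvswitch /bin/false' >> /etc/modprobe.d/blacklist.conf
rmmod openvswitch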

Restrict Netlink access

linux

Limit which users/processes can communicate with Open vSwitch via Netlink

# Use Linux security modules like SELinux or AppArmor to restrict access
# Configure appropriate MAC policies for ovs-vswitchd and related processes

🧯 If You Can't Patch

  • Disable Open vSwitch functionality if not required
  • Implement strict network segmentation to limit access to Open vSwitch management interfaces

🔍 How to Verify

Check if Vulnerable:

Check if Open vSwitch kernel module is loaded: lsmod | grep openvswitch

Check Version:

uname -r

Verify Fix Applied:

Check the kernel version after the update with uname -r and verify that it includes the fix commits

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • Open vSwitch process crashes
  • Netlink error messages related to attribute parsing

Network Indicators:

  • Unusual Netlink traffic to Open vSwitch control plane
  • Multiple connection attempts to ovs-vswitchd management interface

SIEM Query:

(source="kernel" AND ("panic" OR "Oops") AND "openvswitch") OR (source="ovs-vswitchd" AND ("error" OR "crash"))
