CVE-2025-38146

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.0-121-generic #131-Ubuntu

Description: A vulnerability in the Linux kernel has been resolved, specifically in the openvswitch module. The issue occurs when an unexpected MPLS packet does not end with the bottom label stack, causing a dead loop and potentially leading to a soft lockup or CPU stuck. This happens when the label count value wraps around due to many stacks. The vulnerability is related to an array-index-out-of-bounds error in the flow.c file.

Recommendations: For Linux kernel version 5.15.0-121-generic #131-Ubuntu and earlier, update to a newer version to resolve the issue. As a temporary workaround, consider disabling the openvswitch module until a patch is available. Restrict access to the vulnerable flow.c file to minimize the risk of exploitation. Avoid using the key extract l3l4 function in the affected openvswitch module until the issue is resolved.