CVE-2025-38146

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: openvswitch: Fix the dead loop of MPLS parse<br /> <br /> The unexpected MPLS packet may not end with the bottom label stack.<br /> When there are many stacks, The label count value has wrapped around.<br /> A dead loop occurs, soft lockup/CPU stuck finally.<br /> <br /> stack backtrace:<br /> UBSAN: array-index-out-of-bounds in /build/linux-0Pa0xK/linux-5.15.0/net/openvswitch/flow.c:662:26<br /> index -1 is out of range for type &amp;#39;__be32 [3]&amp;#39;<br /> CPU: 34 PID: 0 Comm: swapper/34 Kdump: loaded Tainted: G OE 5.15.0-121-generic #131-Ubuntu<br /> Hardware name: Dell Inc. PowerEdge C6420/0JP9TF, BIOS 2.12.2 07/14/2021<br /> Call Trace:<br /> <br /> show_stack+0x52/0x5c<br /> dump_stack_lvl+0x4a/0x63<br /> dump_stack+0x10/0x16<br /> ubsan_epilogue+0x9/0x36<br /> __ubsan_handle_out_of_bounds.cold+0x44/0x49<br /> key_extract_l3l4+0x82a/0x840 [openvswitch]<br /> ? kfree_skbmem+0x52/0xa0<br /> key_extract+0x9c/0x2b0 [openvswitch]<br /> ovs_flow_key_extract+0x124/0x350 [openvswitch]<br /> ovs_vport_receive+0x61/0xd0 [openvswitch]<br /> ? kernel_init_free_pages.part.0+0x4a/0x70<br /> ? get_page_from_freelist+0x353/0x540<br /> netdev_port_receive+0xc4/0x180 [openvswitch]<br /> ? netdev_port_receive+0x180/0x180 [openvswitch]<br /> netdev_frame_hook+0x1f/0x40 [openvswitch]<br /> __netif_receive_skb_core.constprop.0+0x23a/0xf00<br /> __netif_receive_skb_list_core+0xfa/0x240<br /> netif_receive_skb_list_internal+0x18e/0x2a0<br /> napi_complete_done+0x7a/0x1c0<br /> bnxt_poll+0x155/0x1c0 [bnxt_en]<br /> __napi_poll+0x30/0x180<br /> net_rx_action+0x126/0x280<br /> ? bnxt_msix+0x67/0x80 [bnxt_en]<br /> handle_softirqs+0xda/0x2d0<br /> irq_exit_rcu+0x96/0xc0<br /> common_interrupt+0x8e/0xa0<br />