Wind River Support Network

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]net: openvswitch: Fix the dead loop of MPLS parse[EOL][EOL]The unexpected MPLS packet may not end with the bottom label stack.[EOL]When there are many stacks, The label count value has wrapped around.[EOL]A dead loop occurs, soft lockup/CPU stuck finally.[EOL][EOL]stack backtrace:[EOL]UBSAN: array-index-out-of-bounds in /build/linux-0Pa0xK/linux-5.15.0/net/openvswitch/flow.c:662:26[EOL]index -1 is out of range for type '__be32 [3]'[EOL]CPU: 34 PID: 0 Comm: swapper/34 Kdump: loaded Tainted: G           OE   5.15.0-121-generic #131-Ubuntu[EOL]Hardware name: Dell Inc. PowerEdge C6420/0JP9TF, BIOS 2.12.2 07/14/2021[EOL]Call Trace:[EOL] <IRQ>[EOL] show_stack+0x52/0x5c[EOL] dump_stack_lvl+0x4a/0x63[EOL] dump_stack+0x10/0x16[EOL] ubsan_epilogue+0x9/0x36[EOL] __ubsan_handle_out_of_bounds.cold+0x44/0x49[EOL] key_extract_l3l4+0x82a/0x840 [openvswitch][EOL] ? kfree_skbmem+0x52/0xa0[EOL] key_extract+0x9c/0x2b0 [openvswitch][EOL] ovs_flow_key_extract+0x124/0x350 [openvswitch][EOL] ovs_vport_receive+0x61/0xd0 [openvswitch][EOL] ? kernel_init_free_pages.part.0+0x4a/0x70[EOL] ? get_page_from_freelist+0x353/0x540[EOL] netdev_port_receive+0xc4/0x180 [openvswitch][EOL] ? netdev_port_receive+0x180/0x180 [openvswitch][EOL] netdev_frame_hook+0x1f/0x40 [openvswitch][EOL] __netif_receive_skb_core.constprop.0+0x23a/0xf00[EOL] __netif_receive_skb_list_core+0xfa/0x240[EOL] netif_receive_skb_list_internal+0x18e/0x2a0[EOL] napi_complete_done+0x7a/0x1c0[EOL] bnxt_poll+0x155/0x1c0 [bnxt_en][EOL] __napi_poll+0x30/0x180[EOL] net_rx_action+0x126/0x280[EOL] ? bnxt_msix+0x67/0x80 [bnxt_en][EOL] handle_softirqs+0xda/0x2d0[EOL] irq_exit_rcu+0x96/0xc0[EOL] common_interrupt+0x8e/0xa0[EOL] </IRQ>

CREATE(Triage):(User=lchen-cn) [CVE-2025-38146 (https://nvd.nist.gov/vuln/detail/CVE-2025-38146)