Fixed

LIN1023-17276 : Security Advisory - linux - CVE-2023-53843

Created: Dec 10, 2025    Updated: Dec 11, 2025
Resolved Date: Dec 10, 2025
Found In Version: 10.23.30.1
Fix Version: 10.23.30.2
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: reject negative ifindex

Recent changes in net-next (commit 759ab1edb56c ("net: store netdevs
in an xarray")) refactored the handling of pre-assigned ifindexes
and let syzbot surface a latent problem in ovs. ovs does not validate
ifindex, making it possible to create netdev ports with negative
ifindex values. It's easy to repro with YNL:

$ ./cli.py --spec netlink/specs/ovs_datapath.yaml \
         --do new \
         --json '{"upcall-pid": 1, "name":"my-dp"}'
$ ./cli.py --spec netlink/specs/ovs_vport.yaml \
         --do new \
         --json '{"upcall-pid": "00000001", "name": "some-port0", "dp-ifindex":3,"ifindex":4294901760,"type":2}'

$ ip link show
-65536: some-port0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 7a:48:21:ad:0b:fb brd ff:ff:ff:ff:ff:ff
...

Validate the inputs. Now the second command correctly returns:

$ ./cli.py --spec netlink/specs/ovs_vport.yaml \
         --do new \
         --json '{"upcall-pid": "00000001", "name": "some-port0", "dp-ifindex":3,"ifindex":4294901760,"type":2}'

lib.ynl.NlError: Netlink error: Numerical result out of range
nl_len = 108 (92) nl_flags = 0x300 nl_type = 2
        error: -34      extack: {'msg': 'integer out of range', 'unknown': [[type:4 len:36] b'\x0c\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x03\x00\xff\xff\xff\x7f\x00\x00\x00\x00\x08\x00\x01\x00\x08\x00\x00\x00'], 'bad-attr': '.ifindex'}

Accept 0 since it used to be silently ignored.

CVEs

