Photon OS 5.0: Openvswitch PHSA-2025-5.0-0527

An update of the openvswitch package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0527. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2025-37998

In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in outputuserspace This patch replaces the manual Netlink attribute iteration in outputuserspace with nlaforeachnested, which ensures that only well-formed attributes are processed...

DEBIAN-CVE-2025-37998

In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in outputuserspace This patch replaces the manual Netlink attribute iteration in outputuserspace with nlaforeachnested, which ensures that only well-formed attributes are processed...

UBUNTU-CVE-2025-37998

In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in outputuserspace This patch replaces the manual Netlink attribute iteration in outputuserspace with nlaforeachnested, which ensures that only well-formed attributes are processed...

CVE-2025-37998 openvswitch: Fix unsafe attribute parsing in output_userspace()

In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in outputuserspace This patch replaces the manual Netlink attribute iteration in outputuserspace with nlaforeachnested, which ensures that only well-formed attributes are processed...

CVE-2025-37998 openvswitch: Fix unsafe attribute parsing in output_userspace()

In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in outputuserspace This patch replaces the manual Netlink attribute iteration in outputuserspace with nlaforeachnested, which ensures that only well-formed attributes are processed...

CVE-2025-37998

CVE-2025-37998: Open vSwitch Netlink attribute parsing is the vulnerability. The Debian/Amazon/Linux advisories confirm the issue exists in the Linux kernel openvswitch output_userspace path and fix by replacing the manual Netlink attribute iteration with nla_for_each_nested(), ensuring only well...

Important Photon OS Security Update - PHSA-2025-5.0-0527

Updates of 'openvswitch' packages of Photon OS have been released...

The vulnerabilities of the functions nla_alloc_flow_actions() and ovs_nla_free_set_action() in the net_openvswitch/flow_netlink.c module of the Linux kernel allow a attacker to cause a service failure.

The vulnerabilities of the functions nlaallocflowactions and ovsnlafreesetaction in the netopenvswitch/flownetlink.c module of the Linux kernel are related to memory leaks. Exploiting these vulnerabilities could allow an attacker to cause a service failure...

CVE-2024-22563

openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc in openvswitch-2.17.8/lib/util.c...

PT-2025-27732

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.0-121-generic 131-Ubuntu Description: A vulnerability in the Linux kernel has been resolved, specifically in the openvswitch module. The issue occurs when an unexpected MPLS packet does not end with the...

Linux Kernel OpenvSwitch Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handlin...

PT-2025-23157

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns unsafe attribute parsing in the output userspace function of the openvswitch module in the Linux kernel. A patch has been applied to replace manual Netlink attribute...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21761)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21761 advisory. - In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in...

CBL Mariner 2.0 Security Update: kernel (CVE-2025-21761)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21761 advisory. - In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in...

SUSE CVE-2025-37789

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set action It's not safe to access nlalenovskey if the data is smaller than the netlink header. Check that the attribute is OK first...

DEBIAN-CVE-2025-37789

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set action It's not safe to access nlalenovskey if the data is smaller than the netlink header. Check that the attribute is OK first...

UBUNTU-CVE-2025-37789

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set action It's not safe to access nlalenovskey if the data is smaller than the netlink header. Check that the attribute is OK first...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper validation of nested key lengths in openvswitch...

RHSA-2025:3965 Red Hat Security Advisory: openvswitch3.4 security update

Bulletin has no description...