Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: nsh: Added restoration of skb-protocol, data, macheader for the outer header in nshgsosegment. The syzbot exploited various vulnerabilities by using a crafted GSO packet for VIRTIONETHDRGSOUDP that included the following...

EEF-CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Summary Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !...

📄 ASUS Router Multi-Stage Command Injection

A multi‑stage command injection vulnerability allows an attacker to achieve remote command execution on a vulnerable ASUS router by abusing the SETROOTCERTIFICATE and APPLYAPP HTTP methods. In the first stage, a malicious shell script is uploaded to the target system disguised as a certificate fi...

net: openvswitch: fix middle attribute validation in push_nsh() action

...

CVE-2025-68785

A slab-out-of-bounds read vulnerability was found in the Linux kernel's Open vSwitch OVS module. The pushnsh action does not validate the middle nested attribute OVSKEYATTRNSH between the outer action and inner key attributes. When the middle attribute has an incorrect size, the nladata unwrap...

CVE-2025-68785

CVE-2025-68785 concerns a Linux kernel openvswitch vulnerability in the push_nsh() action. The root cause is missing validation of the middle NSH attribute (not guaranteed to be OVS_KEY_ATTR_NSH) inside the action nesting, allowing unsafe access during validation and nested nla processing. The ci...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: net: openvswitch: removed the never-working support for setting nsh fields. The validation of the setnsh... action is completely incorrect. It involves the nshkeyputfromnlattr function, which is the same function used to...

curl: PROTOCOL-LEVEL: Persistent UDP Amplification and Cache Poisoning via Alt-Svc Logic Flaw

Summary A structural logic flaw in the libcurl Alt-Svc header parser allows attack attributes specifically persist and max-age to "leak" from one service definition to another. We have successfully chained this logic bug with curl's HTTP/3 QUIC support to demonstrate a Persistent UDP Amplificatio...

net: openvswitch: remove never-working support for setting nsh fields

...

EUVD-2025-201203

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the setnsh... action is completely wrong. It runs through the nshkeyputfromnlattr function that is the same function that validates NSH keys...

CVE-2025-40254

CVE-2025-40254 targets the Linux kernel openvswitch nsh field handling. The issue stems from incorrect validation of set(nsh(...)) due to a mismatched memory layout and confusing mask vs value flags, which can cause kernel NULL pointer dereferences or crashes during validation. The advisory notes...

CVE-2025-40254 net: openvswitch: remove never-working support for setting nsh fields

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the setnsh... action is completely wrong. It runs through the nshkeyputfromnlattr function that is the same function that validates NSH keys...

CVE-2025-40254

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the setnsh... action is completely wrong. It runs through the nshkeyputfromnlattr function that is the same function that validates NSH keys...

CVE-2025-40254 net: openvswitch: remove never-working support for setting nsh fields

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the setnsh... action is completely wrong. It runs through the nshkeyputfromnlattr function that is the same function that validates NSH keys...

CVE-2025-63932

CVE-2025-63932 affects the D-Link Router DIR-868L (A1, FW106KRb01.bin). The cgibin HNAP service does not filter the HTTP SOAPAction header, enabling an unauthenticated remote code execution via shell command execution. Red Hat, ENISA EUVD, CIRCL, NVD, and CVE listings corroborate an unauthenticat...

EUVD-2017-7139

Malicious code in bioql PyPI...

kernel: Linux kernel: Denial of Service due to incorrect network packet processing in NSH module

A flaw was found in the Linux kernel, specifically within its Network Service Header NSH module. A local attacker could exploit this vulnerability by sending specially crafted network packets, which would cause the system to crash. This issue, a type of Denial of Service DoS, arises from an...

Amazon Linux 2 : docker (ALASECS-2025-059)

The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-059 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read t...

kernel: Linux kernel: Denial of Service due to incorrect network packet processing in NSH module

A flaw was found in the Linux kernel, specifically within its Network Service Header NSH module. A local attacker could exploit this vulnerability by sending specially crafted network packets, which would cause the system to crash. This issue, a type of Denial of Service DoS, arises from an...

kernel: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().

In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb-protocol,data,macheader for outer header in nshgsosegment. syzbot triggered various splats see 0 and links by a crafted GSO packet of VIRTIONETHDRGSOUDP layering the following protocols: ETHP8021AD + ETHPNSH +...