Kernel Vulnerability in Open vSwitch Affecting Linux Kernel Systems
CVE-2025-40254

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 December 2025

What is CVE-2025-40254?

A critical issue has been identified in the Open vSwitch component of the Linux kernel, where improper validation related to the nesting of NSH attributes can lead to kernel crashes. The validation logic for setting NSH fields is flawed due to a misunderstanding of memory layouts, resulting in potential NULL pointer dereferences during operations. The incorrect handling of masked and non-masked attributes compounds this vulnerability, leading to unstable kernel behavior. All attempts to utilize this functionality can result in either validation failures or system crashes, which necessitates its removal from the codebase to prevent exploitation. Future implementations should aim to correctly address these fundamental issues for safer network management.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3 < 3415faa1fcb4150f29a72c5ecf959339d797feb7

Linux b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3 < 3d2e7d3b28469081ccf08301df07cc411a1cc5e9

Linux b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3

References

https://git.kernel.org/stable/c/3415faa1fcb4150f29a72c5ec...
https://git.kernel.org/stable/c/3d2e7d3b28469081ccf08301d...
https://git.kernel.org/stable/c/f95bef5ba0b88d971b02c776f...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.