{"api_version":"1","generated_at":"2026-06-03T11:06:17+00:00","cve":"CVE-2025-40254","urls":{"html":"https://cve.report/CVE-2025-40254","api":"https://cve.report/api/cve/CVE-2025-40254.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-40254","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-40254"},"summary":{"title":"net: openvswitch: remove never-working support for setting nsh fields","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: remove never-working support for setting nsh fields\n\nThe validation of the set(nsh(...)) action is completely wrong.\nIt runs through the nsh_key_put_from_nlattr() function that is the\nsame function that validates NSH keys for the flow match and the\npush_nsh() action.  However, the set(nsh(...)) has a very different\nmemory layout.  Nested attributes in there are doubled in size in\ncase of the masked set().  That makes proper validation impossible.\n\nThere is also confusion in the code between the 'masked' flag, that\nsays that the nested attributes are doubled in size containing both\nthe value and the mask, and the 'is_mask' that says that the value\nwe're parsing is the mask.  This is causing kernel crash on trying to\nwrite into mask part of the match with SW_FLOW_KEY_PUT() during\nvalidation, while validate_nsh() doesn't allocate any memory for it:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000018\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 1c2383067 P4D 1c2383067 PUD 20b703067 PMD 0\n  Oops: Oops: 0000 [#1] SMP NOPTI\n  CPU: 8 UID: 0 Kdump: loaded Not tainted 6.17.0-rc4+ #107 PREEMPT(voluntary)\n  RIP: 0010:nsh_key_put_from_nlattr+0x19d/0x610 [openvswitch]\n  Call Trace:\n   <TASK>\n   validate_nsh+0x60/0x90 [openvswitch]\n   validate_set.constprop.0+0x270/0x3c0 [openvswitch]\n   __ovs_nla_copy_actions+0x477/0x860 [openvswitch]\n   ovs_nla_copy_actions+0x8d/0x100 [openvswitch]\n   ovs_packet_cmd_execute+0x1cc/0x310 [openvswitch]\n   genl_family_rcv_msg_doit+0xdb/0x130\n   genl_family_rcv_msg+0x14b/0x220\n   genl_rcv_msg+0x47/0xa0\n   netlink_rcv_skb+0x53/0x100\n   genl_rcv+0x24/0x40\n   netlink_unicast+0x280/0x3b0\n   netlink_sendmsg+0x1f7/0x430\n   ____sys_sendmsg+0x36b/0x3a0\n   ___sys_sendmsg+0x87/0xd0\n   __sys_sendmsg+0x6d/0xd0\n   do_syscall_64+0x7b/0x2c0\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe third issue with this process is that while trying to convert\nthe non-masked set into masked one, validate_set() copies and doubles\nthe size of the OVS_KEY_ATTR_NSH as if it didn't have any nested\nattributes.  It should be copying each nested attribute and doubling\nthem in size independently.  And the process must be properly reversed\nduring the conversion back from masked to a non-masked variant during\nthe flow dump.\n\nIn the end, the only two outcomes of trying to use this action are\neither validation failure or a kernel crash.  And if somehow someone\nmanages to install a flow with such an action, it will most definitely\nnot do what it is supposed to, since all the keys and the masks are\nmixed up.\n\nFixing all the issues is a complex task as it requires re-writing\nmost of the validation code.\n\nGiven that and the fact that this functionality never worked since\nintroduction, let's just remove it altogether.  It's better to\nre-introduce it later with a proper implementation instead of trying\nto fix it in stable releases.","state":"PUBLISHED","assigner":"Linux","published_at":"2025-12-04 16:16:19","updated_at":"2026-06-02 14:16:32"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/dfe28c4167a9259fc0c372d9f9473e1ac95cff67","name":"https://git.kernel.org/stable/c/dfe28c4167a9259fc0c372d9f9473e1ac95cff67","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/9c61d8fe1350b7322f4953318165d6719c3b1475","name":"https://git.kernel.org/stable/c/9c61d8fe1350b7322f4953318165d6719c3b1475","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/3415faa1fcb4150f29a72c5ecf959339d797feb7","name":"https://git.kernel.org/stable/c/3415faa1fcb4150f29a72c5ecf959339d797feb7","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/4689ba45296dbb3a47e70a1bc2ed0328263e48f3","name":"https://git.kernel.org/stable/c/4689ba45296dbb3a47e70a1bc2ed0328263e48f3","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-253495.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-253495.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/3d2e7d3b28469081ccf08301df07cc411a1cc5e9","name":"https://git.kernel.org/stable/c/3d2e7d3b28469081ccf08301df07cc411a1cc5e9","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/f95bef5ba0b88d971b02c776f24bd17544930a3a","name":"https://git.kernel.org/stable/c/f95bef5ba0b88d971b02c776f24bd17544930a3a","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/0b903f33c31c82b1c3591279fd8a23893802b987","name":"https://git.kernel.org/stable/c/0b903f33c31c82b1c3591279fd8a23893802b987","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/87d2429381ddcf8cbd30c8c36793a4f7916d5f99","name":"https://git.kernel.org/stable/c/87d2429381ddcf8cbd30c8c36793a4f7916d5f99","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-40254","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40254","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3 3415faa1fcb4150f29a72c5ecf959339d797feb7 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3 3d2e7d3b28469081ccf08301df07cc411a1cc5e9 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3 f95bef5ba0b88d971b02c776f24bd17544930a3a git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3 87d2429381ddcf8cbd30c8c36793a4f7916d5f99 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3 0b903f33c31c82b1c3591279fd8a23893802b987 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3 9c61d8fe1350b7322f4953318165d6719c3b1475 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3 4689ba45296dbb3a47e70a1bc2ed0328263e48f3 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3 dfe28c4167a9259fc0c372d9f9473e1ac95cff67 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.15","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 4.15 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.4.302 5.4.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.247 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.197 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.159 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.118 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.60 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.17.10 6.17.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18 * original_commit_for_fix","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM RST2428P","version":"affected V4.0 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"40254","cve":"CVE-2025-40254","epss":"0.000670000","percentile":"0.207630000","score_date":"2026-06-02","updated_at":"2026-06-03 00:08:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"affected":[{"defaultStatus":"unknown","product":"RUGGEDCOM RST2428P","vendor":"Siemens","versions":[{"lessThan":"V4.0","status":"affected","version":"0","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-06-02T13:00:09.064Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-253495.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["net/openvswitch/actions.c","net/openvswitch/flow_netlink.c","net/openvswitch/flow_netlink.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"3415faa1fcb4150f29a72c5ecf959339d797feb7","status":"affected","version":"b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3","versionType":"git"},{"lessThan":"3d2e7d3b28469081ccf08301df07cc411a1cc5e9","status":"affected","version":"b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3","versionType":"git"},{"lessThan":"f95bef5ba0b88d971b02c776f24bd17544930a3a","status":"affected","version":"b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3","versionType":"git"},{"lessThan":"87d2429381ddcf8cbd30c8c36793a4f7916d5f99","status":"affected","version":"b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3","versionType":"git"},{"lessThan":"0b903f33c31c82b1c3591279fd8a23893802b987","status":"affected","version":"b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3","versionType":"git"},{"lessThan":"9c61d8fe1350b7322f4953318165d6719c3b1475","status":"affected","version":"b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3","versionType":"git"},{"lessThan":"4689ba45296dbb3a47e70a1bc2ed0328263e48f3","status":"affected","version":"b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3","versionType":"git"},{"lessThan":"dfe28c4167a9259fc0c372d9f9473e1ac95cff67","status":"affected","version":"b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["net/openvswitch/actions.c","net/openvswitch/flow_netlink.c","net/openvswitch/flow_netlink.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"4.15"},{"lessThan":"4.15","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.4.*","status":"unaffected","version":"5.4.302","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.247","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.197","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.159","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.118","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.60","versionType":"semver"},{"lessThanOrEqual":"6.17.*","status":"unaffected","version":"6.17.10","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"6.18","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.302","versionStartIncluding":"4.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.247","versionStartIncluding":"4.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.197","versionStartIncluding":"4.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.159","versionStartIncluding":"4.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.118","versionStartIncluding":"4.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.60","versionStartIncluding":"4.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.17.10","versionStartIncluding":"4.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18","versionStartIncluding":"4.15","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: remove never-working support for setting nsh fields\n\nThe validation of the set(nsh(...)) action is completely wrong.\nIt runs through the nsh_key_put_from_nlattr() function that is the\nsame function that validates NSH keys for the flow match and the\npush_nsh() action.  However, the set(nsh(...)) has a very different\nmemory layout.  Nested attributes in there are doubled in size in\ncase of the masked set().  That makes proper validation impossible.\n\nThere is also confusion in the code between the 'masked' flag, that\nsays that the nested attributes are doubled in size containing both\nthe value and the mask, and the 'is_mask' that says that the value\nwe're parsing is the mask.  This is causing kernel crash on trying to\nwrite into mask part of the match with SW_FLOW_KEY_PUT() during\nvalidation, while validate_nsh() doesn't allocate any memory for it:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000018\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 1c2383067 P4D 1c2383067 PUD 20b703067 PMD 0\n  Oops: Oops: 0000 [#1] SMP NOPTI\n  CPU: 8 UID: 0 Kdump: loaded Not tainted 6.17.0-rc4+ #107 PREEMPT(voluntary)\n  RIP: 0010:nsh_key_put_from_nlattr+0x19d/0x610 [openvswitch]\n  Call Trace:\n   <TASK>\n   validate_nsh+0x60/0x90 [openvswitch]\n   validate_set.constprop.0+0x270/0x3c0 [openvswitch]\n   __ovs_nla_copy_actions+0x477/0x860 [openvswitch]\n   ovs_nla_copy_actions+0x8d/0x100 [openvswitch]\n   ovs_packet_cmd_execute+0x1cc/0x310 [openvswitch]\n   genl_family_rcv_msg_doit+0xdb/0x130\n   genl_family_rcv_msg+0x14b/0x220\n   genl_rcv_msg+0x47/0xa0\n   netlink_rcv_skb+0x53/0x100\n   genl_rcv+0x24/0x40\n   netlink_unicast+0x280/0x3b0\n   netlink_sendmsg+0x1f7/0x430\n   ____sys_sendmsg+0x36b/0x3a0\n   ___sys_sendmsg+0x87/0xd0\n   __sys_sendmsg+0x6d/0xd0\n   do_syscall_64+0x7b/0x2c0\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe third issue with this process is that while trying to convert\nthe non-masked set into masked one, validate_set() copies and doubles\nthe size of the OVS_KEY_ATTR_NSH as if it didn't have any nested\nattributes.  It should be copying each nested attribute and doubling\nthem in size independently.  And the process must be properly reversed\nduring the conversion back from masked to a non-masked variant during\nthe flow dump.\n\nIn the end, the only two outcomes of trying to use this action are\neither validation failure or a kernel crash.  And if somehow someone\nmanages to install a flow with such an action, it will most definitely\nnot do what it is supposed to, since all the keys and the masks are\nmixed up.\n\nFixing all the issues is a complex task as it requires re-writing\nmost of the validation code.\n\nGiven that and the fact that this functionality never worked since\nintroduction, let's just remove it altogether.  It's better to\nre-introduce it later with a proper implementation instead of trying\nto fix it in stable releases."}],"providerMetadata":{"dateUpdated":"2026-05-11T21:45:46.643Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/3415faa1fcb4150f29a72c5ecf959339d797feb7"},{"url":"https://git.kernel.org/stable/c/3d2e7d3b28469081ccf08301df07cc411a1cc5e9"},{"url":"https://git.kernel.org/stable/c/f95bef5ba0b88d971b02c776f24bd17544930a3a"},{"url":"https://git.kernel.org/stable/c/87d2429381ddcf8cbd30c8c36793a4f7916d5f99"},{"url":"https://git.kernel.org/stable/c/0b903f33c31c82b1c3591279fd8a23893802b987"},{"url":"https://git.kernel.org/stable/c/9c61d8fe1350b7322f4953318165d6719c3b1475"},{"url":"https://git.kernel.org/stable/c/4689ba45296dbb3a47e70a1bc2ed0328263e48f3"},{"url":"https://git.kernel.org/stable/c/dfe28c4167a9259fc0c372d9f9473e1ac95cff67"}],"title":"net: openvswitch: remove never-working support for setting nsh fields","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2025-40254","datePublished":"2025-12-04T16:08:16.305Z","dateReserved":"2025-04-16T07:20:57.181Z","dateUpdated":"2026-06-02T13:00:09.064Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-12-04 16:16:19","lastModifiedDate":"2026-06-02 14:16:32","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"40254","Ordinal":"1","Title":"net: openvswitch: remove never-working support for setting nsh f","CVE":"CVE-2025-40254","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"40254","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: remove never-working support for setting nsh fields\n\nThe validation of the set(nsh(...)) action is completely wrong.\nIt runs through the nsh_key_put_from_nlattr() function that is the\nsame function that validates NSH keys for the flow match and the\npush_nsh() action.  However, the set(nsh(...)) has a very different\nmemory layout.  Nested attributes in there are doubled in size in\ncase of the masked set().  That makes proper validation impossible.\n\nThere is also confusion in the code between the 'masked' flag, that\nsays that the nested attributes are doubled in size containing both\nthe value and the mask, and the 'is_mask' that says that the value\nwe're parsing is the mask.  This is causing kernel crash on trying to\nwrite into mask part of the match with SW_FLOW_KEY_PUT() during\nvalidation, while validate_nsh() doesn't allocate any memory for it:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000018\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 1c2383067 P4D 1c2383067 PUD 20b703067 PMD 0\n  Oops: Oops: 0000 [#1] SMP NOPTI\n  CPU: 8 UID: 0 Kdump: loaded Not tainted 6.17.0-rc4+ #107 PREEMPT(voluntary)\n  RIP: 0010:nsh_key_put_from_nlattr+0x19d/0x610 [openvswitch]\n  Call Trace:\n   <TASK>\n   validate_nsh+0x60/0x90 [openvswitch]\n   validate_set.constprop.0+0x270/0x3c0 [openvswitch]\n   __ovs_nla_copy_actions+0x477/0x860 [openvswitch]\n   ovs_nla_copy_actions+0x8d/0x100 [openvswitch]\n   ovs_packet_cmd_execute+0x1cc/0x310 [openvswitch]\n   genl_family_rcv_msg_doit+0xdb/0x130\n   genl_family_rcv_msg+0x14b/0x220\n   genl_rcv_msg+0x47/0xa0\n   netlink_rcv_skb+0x53/0x100\n   genl_rcv+0x24/0x40\n   netlink_unicast+0x280/0x3b0\n   netlink_sendmsg+0x1f7/0x430\n   ____sys_sendmsg+0x36b/0x3a0\n   ___sys_sendmsg+0x87/0xd0\n   __sys_sendmsg+0x6d/0xd0\n   do_syscall_64+0x7b/0x2c0\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe third issue with this process is that while trying to convert\nthe non-masked set into masked one, validate_set() copies and doubles\nthe size of the OVS_KEY_ATTR_NSH as if it didn't have any nested\nattributes.  It should be copying each nested attribute and doubling\nthem in size independently.  And the process must be properly reversed\nduring the conversion back from masked to a non-masked variant during\nthe flow dump.\n\nIn the end, the only two outcomes of trying to use this action are\neither validation failure or a kernel crash.  And if somehow someone\nmanages to install a flow with such an action, it will most definitely\nnot do what it is supposed to, since all the keys and the masks are\nmixed up.\n\nFixing all the issues is a complex task as it requires re-writing\nmost of the validation code.\n\nGiven that and the fact that this functionality never worked since\nintroduction, let's just remove it altogether.  It's better to\nre-introduce it later with a proper implementation instead of trying\nto fix it in stable releases.","Type":"Description","Title":"net: openvswitch: remove never-working support for setting nsh f"}]}}}