{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52977", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-03-27T16:40:15.738Z", "datePublished": "2025-03-27T16:43:17.234Z", "dateUpdated": "2025-03-27T16:43:17.234Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-03-27T16:43:17.234Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix flow memory leak in ovs_flow_cmd_new\n\nSyzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is\nnot freed when an allocation of a key fails.\n\nBUG: memory leak\nunreferenced object 0xffff888116668000 (size 632):\n comm \"syz-executor231\", pid 1090, jiffies 4294844701 (age 18.871s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000defa3494>] kmem_cache_zalloc include/linux/slab.h:654 [inline]\n [<00000000defa3494>] ovs_flow_alloc+0x19/0x180 net/openvswitch/flow_table.c:77\n [<00000000c67d8873>] ovs_flow_cmd_new+0x1de/0xd40 net/openvswitch/datapath.c:957\n [<0000000010a539a8>] genl_family_rcv_msg_doit+0x22d/0x330 net/netlink/genetlink.c:739\n [<00000000dff3302d>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n [<00000000dff3302d>] genl_rcv_msg+0x328/0x590 net/netlink/genetlink.c:800\n [<000000000286dd87>] netlink_rcv_skb+0x153/0x430 net/netlink/af_netlink.c:2515\n [<0000000061fed410>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811\n [<000000009dc0f111>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n [<000000009dc0f111>] netlink_unicast+0x545/0x7f0 net/netlink/af_netlink.c:1339\n [<000000004a5ee816>] netlink_sendmsg+0x8e7/0xde0 net/netlink/af_netlink.c:1934\n [<00000000482b476f>] sock_sendmsg_nosec net/socket.c:651 [inline]\n [<00000000482b476f>] sock_sendmsg+0x152/0x190 net/socket.c:671\n [<00000000698574ba>] ____sys_sendmsg+0x70a/0x870 net/socket.c:2356\n [<00000000d28d9e11>] ___sys_sendmsg+0xf3/0x170 net/socket.c:2410\n [<0000000083ba9120>] __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439\n [<00000000c00628f8>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n [<000000004abfdcf4>] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nTo fix this the patch rearranges the goto labels to reflect the order of\nobject allocations and adds appropriate goto statements on the error\npaths.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/openvswitch/datapath.c"], "versions": [{"version": "655e873bf528f0f46ce6b069f9a2daee9621197c", "lessThan": "1ac653cf886cdfc082708c82dc6ac6115cebd2ee", "status": "affected", "versionType": "git"}, {"version": "ee27d70556a47c3a07e65a60f47e3ea12a255af8", "lessThan": "af4e720bc00a2653f7b9df21755b9978b3d7f386", "status": "affected", "versionType": "git"}, {"version": "8b74211bf60b3e0c0ed4fe3d16c92ffdcaaf34eb", "lessThan": "ed6c5e8caf55778500202775167e8ccdb1a030cb", "status": "affected", "versionType": "git"}, {"version": "6736b61ecf230dd656464de0f514bdeadb384f20", "lessThan": "70154489f531587996f3e9d7cceeee65cff0001d", "status": "affected", "versionType": "git"}, {"version": "0133615a06007684df648feb9d327714e399afd4", "lessThan": "f423c2efd51d7eb1d143c2be7eea233241d9bbbf", "status": "affected", "versionType": "git"}, {"version": "32d5fa5bdccec2361fc6c4ed05a7367155b3a1e9", "lessThan": "70d40674a549d498bd63d5432acf46205da1534b", "status": "affected", "versionType": "git"}, {"version": "68bb10101e6b0a6bb44e9c908ef795fc4af99eae", "lessThan": "0c598aed445eb45b0ee7ba405f7ece99ee349c30", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/openvswitch/datapath.c"], "versions": [{"version": "4.14.303", "lessThan": "4.14.306", "status": "affected", "versionType": "semver"}, {"version": "4.19.270", "lessThan": "4.19.273", "status": "affected", "versionType": "semver"}, {"version": "5.4.229", "lessThan": "5.4.232", "status": "affected", "versionType": "semver"}, {"version": "5.10.163", "lessThan": "5.10.168", "status": "affected", "versionType": "semver"}, {"version": "5.15.86", "lessThan": "5.15.93", "status": "affected", "versionType": "semver"}, {"version": "6.1.2", "lessThan": "6.1.11", "status": "affected", "versionType": "semver"}]}], "references": [{"url": "https://git.kernel.org/stable/c/1ac653cf886cdfc082708c82dc6ac6115cebd2ee"}, {"url": "https://git.kernel.org/stable/c/af4e720bc00a2653f7b9df21755b9978b3d7f386"}, {"url": "https://git.kernel.org/stable/c/ed6c5e8caf55778500202775167e8ccdb1a030cb"}, {"url": "https://git.kernel.org/stable/c/70154489f531587996f3e9d7cceeee65cff0001d"}, {"url": "https://git.kernel.org/stable/c/f423c2efd51d7eb1d143c2be7eea233241d9bbbf"}, {"url": "https://git.kernel.org/stable/c/70d40674a549d498bd63d5432acf46205da1534b"}, {"url": "https://git.kernel.org/stable/c/0c598aed445eb45b0ee7ba405f7ece99ee349c30"}], "title": "net: openvswitch: fix flow memory leak in ovs_flow_cmd_new", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C8C5100-ECF6-4F64-9489-EFC7923A7591", "versionEndExcluding": "4.10", "versionStartIncluding": "4.9.337", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FD566E7-A4C9-4B80-8066-8813E4F64980", "versionEndExcluding": "4.14.306", "versionStartIncluding": "4.14.303", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B5F7481-6295-443C-8297-AAA7400EAF0C", "versionEndExcluding": "4.19.273", "versionStartIncluding": "4.19.270", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8FD5F9C-EDEC-495D-9CA3-4D3154063522", "versionEndExcluding": "5.4.232", "versionStartIncluding": "5.4.229", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C254C95-139A-4910-972B-2E64E3030DB5", "versionEndExcluding": "5.10.168", "versionStartIncluding": "5.10.163", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "21081389-6ED8-4898-80ED-81EF6A2B1FEC", "versionEndExcluding": "5.15.93", "versionStartIncluding": "5.15.86", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C7522E3-150F-436D-BBD7-96C7B4B795ED", "versionEndExcluding": "6.1", "versionStartIncluding": "6.0.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AACE63B-510D-430C-ACD9-34922D790040", "versionEndExcluding": "6.1.11", "versionStartIncluding": "6.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix flow memory leak in ovs_flow_cmd_new\n\nSyzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is\nnot freed when an allocation of a key fails.\n\nBUG: memory leak\nunreferenced object 0xffff888116668000 (size 632):\n comm \"syz-executor231\", pid 1090, jiffies 4294844701 (age 18.871s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000defa3494>] kmem_cache_zalloc include/linux/slab.h:654 [inline]\n [<00000000defa3494>] ovs_flow_alloc+0x19/0x180 net/openvswitch/flow_table.c:77\n [<00000000c67d8873>] ovs_flow_cmd_new+0x1de/0xd40 net/openvswitch/datapath.c:957\n [<0000000010a539a8>] genl_family_rcv_msg_doit+0x22d/0x330 net/netlink/genetlink.c:739\n [<00000000dff3302d>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n [<00000000dff3302d>] genl_rcv_msg+0x328/0x590 net/netlink/genetlink.c:800\n [<000000000286dd87>] netlink_rcv_skb+0x153/0x430 net/netlink/af_netlink.c:2515\n [<0000000061fed410>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811\n [<000000009dc0f111>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n [<000000009dc0f111>] netlink_unicast+0x545/0x7f0 net/netlink/af_netlink.c:1339\n [<000000004a5ee816>] netlink_sendmsg+0x8e7/0xde0 net/netlink/af_netlink.c:1934\n [<00000000482b476f>] sock_sendmsg_nosec net/socket.c:651 [inline]\n [<00000000482b476f>] sock_sendmsg+0x152/0x190 net/socket.c:671\n [<00000000698574ba>] ____sys_sendmsg+0x70a/0x870 net/socket.c:2356\n [<00000000d28d9e11>] ___sys_sendmsg+0xf3/0x170 net/socket.c:2410\n [<0000000083ba9120>] __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439\n [<00000000c00628f8>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n [<000000004abfdcf4>] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nTo fix this the patch rearranges the goto labels to reflect the order of\nobject allocations and adds appropriate goto statements on the error\npaths.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: openvswitch: corrige p\u00e9rdida de memoria de flujo en ovs_flow_cmd_new Syzkaller informa una p\u00e9rdida de memoria de new_flow en ovs_flow_cmd_new() ya que no se libera cuando falla la asignaci\u00f3n de una clave. ERROR: Fuga de memoria, objeto no referenciado 0xffff888116668000 (tama\u00f1o 632): comunicaci\u00f3n \"syz-executor231\", pid 1090, jiffies 4294844701 (edad 18.871 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ seguimiento inverso: [&lt;00000000defa3494&gt;] kmem_cache_zalloc include/linux/slab.h:654 [en l\u00ednea] [&lt;00000000defa3494&gt;] ovs_flow_alloc+0x19/0x180 net/openvswitch/flow_table.c:77 [&lt;00000000c67d8873&gt;] ovs_flow_cmd_new+0x1de/0xd40 net/openvswitch/datapath.c:957 [&lt;0000000010a539a8&gt;] genl_family_rcv_msg_doit+0x22d/0x330 net/netlink/genetlink.c:739 [&lt;00000000dff3302d&gt;] genl_family_rcv_msg net/netlink/genetlink.c:783 [en l\u00ednea] [&lt;00000000dff3302d&gt;] genl_rcv_msg+0x328/0x590 net/netlink/genetlink.c:800 [&lt;000000000286dd87&gt;] netlink_rcv_skb+0x153/0x430 net/netlink/af_netlink.c:2515 [&lt;0000000061fed410&gt;] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811 [&lt;000000009dc0f111&gt;] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [en l\u00ednea] [&lt;000000009dc0f111&gt;] netlink_unicast+0x545/0x7f0 net/netlink/af_netlink.c:1339 [&lt;000000004a5ee816&gt;] netlink_sendmsg+0x8e7/0xde0 net/netlink/af_netlink.c:1934 [&lt;00000000482b476f&gt;] sock_sendmsg_nosec net/socket.c:651 [en l\u00ednea] [&lt;00000000482b476f&gt;] sock_sendmsg+0x152/0x190 net/socket.c:671 [&lt;00000000698574ba&gt;] ____sys_sendmsg+0x70a/0x870 net/socket.c:2356 [&lt;00000000d28d9e11&gt;] ___sys_sendmsg+0xf3/0x170 net/socket.c:2410 [&lt;0000000083ba9120&gt;] __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439 [&lt;00000000c00628f8&gt;] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 [&lt;000000004abfdcf4&gt;] entry_SYSCALL_64_after_hwframe+0x61/0xc6 Para solucionar esto, el parche reorganiza las etiquetas goto para reflejar el orden de asignaci\u00f3n de objetos y a\u00f1ade instrucciones goto adecuadas en las rutas de error. Encontrado por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con Syzkaller."}], "id": "CVE-2023-52977", "lastModified": "2025-04-15T14:49:08.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-27T17:15:44.793", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0c598aed445eb45b0ee7ba405f7ece99ee349c30"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1ac653cf886cdfc082708c82dc6ac6115cebd2ee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/70154489f531587996f3e9d7cceeee65cff0001d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/70d40674a549d498bd63d5432acf46205da1534b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/af4e720bc00a2653f7b9df21755b9978b3d7f386"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ed6c5e8caf55778500202775167e8ccdb1a030cb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f423c2efd51d7eb1d143c2be7eea233241d9bbbf"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7077", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-513.5.1.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2023:6583", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.8.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6583", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.8.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "kernel: net: openvswitch: fix flow memory leak in ovs_flow_cmd_new", "id": "2355538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355538"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "status": "verified"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: openvswitch: fix flow memory leak in ovs_flow_cmd_new\nSyzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is\nnot freed when an allocation of a key fails.\nBUG: memory leak\nunreferenced object 0xffff888116668000 (size 632):\ncomm \"syz-executor231\", pid 1090, jiffies 4294844701 (age 18.871s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[<00000000defa3494>] kmem_cache_zalloc include/linux/slab.h:654 [inline]\n[<00000000defa3494>] ovs_flow_alloc+0x19/0x180 net/openvswitch/flow_table.c:77\n[<00000000c67d8873>] ovs_flow_cmd_new+0x1de/0xd40 net/openvswitch/datapath.c:957\n[<0000000010a539a8>] genl_family_rcv_msg_doit+0x22d/0x330 net/netlink/genetlink.c:739\n[<00000000dff3302d>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n[<00000000dff3302d>] genl_rcv_msg+0x328/0x590 net/netlink/genetlink.c:800\n[<000000000286dd87>] netlink_rcv_skb+0x153/0x430 net/netlink/af_netlink.c:2515\n[<0000000061fed410>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811\n[<000000009dc0f111>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n[<000000009dc0f111>] netlink_unicast+0x545/0x7f0 net/netlink/af_netlink.c:1339\n[<000000004a5ee816>] netlink_sendmsg+0x8e7/0xde0 net/netlink/af_netlink.c:1934\n[<00000000482b476f>] sock_sendmsg_nosec net/socket.c:651 [inline]\n[<00000000482b476f>] sock_sendmsg+0x152/0x190 net/socket.c:671\n[<00000000698574ba>] ____sys_sendmsg+0x70a/0x870 net/socket.c:2356\n[<00000000d28d9e11>] ___sys_sendmsg+0xf3/0x170 net/socket.c:2410\n[<0000000083ba9120>] __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439\n[<00000000c00628f8>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n[<000000004abfdcf4>] entry_SYSCALL_64_after_hwframe+0x61/0xc6\nTo fix this the patch rearranges the goto labels to reflect the order of\nobject allocations and adds appropriate goto statements on the error\npaths.\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."], "name": "CVE-2023-52977", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52977\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52977\nhttps://lore.kernel.org/linux-cve-announce/2025032704-CVE-2023-52977-f91d@gregkh/T"], "threat_severity": "Moderate"}