{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-52977","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-03-27T16:40:15.738Z","datePublished":"2025-03-27T16:43:17.234Z","dateUpdated":"2026-05-11T19:36:16.445Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:36:16.445Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix flow memory leak in ovs_flow_cmd_new\n\nSyzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is\nnot freed when an allocation of a key fails.\n\nBUG: memory leak\nunreferenced object 0xffff888116668000 (size 632):\n  comm \"syz-executor231\", pid 1090, jiffies 4294844701 (age 18.871s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [<00000000defa3494>] kmem_cache_zalloc include/linux/slab.h:654 [inline]\n    [<00000000defa3494>] ovs_flow_alloc+0x19/0x180 net/openvswitch/flow_table.c:77\n    [<00000000c67d8873>] ovs_flow_cmd_new+0x1de/0xd40 net/openvswitch/datapath.c:957\n    [<0000000010a539a8>] genl_family_rcv_msg_doit+0x22d/0x330 net/netlink/genetlink.c:739\n    [<00000000dff3302d>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n    [<00000000dff3302d>] genl_rcv_msg+0x328/0x590 net/netlink/genetlink.c:800\n    [<000000000286dd87>] netlink_rcv_skb+0x153/0x430 net/netlink/af_netlink.c:2515\n    [<0000000061fed410>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811\n    [<000000009dc0f111>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n    [<000000009dc0f111>] netlink_unicast+0x545/0x7f0 net/netlink/af_netlink.c:1339\n    [<000000004a5ee816>] netlink_sendmsg+0x8e7/0xde0 net/netlink/af_netlink.c:1934\n    [<00000000482b476f>] sock_sendmsg_nosec net/socket.c:651 [inline]\n    [<00000000482b476f>] sock_sendmsg+0x152/0x190 net/socket.c:671\n    [<00000000698574ba>] ____sys_sendmsg+0x70a/0x870 net/socket.c:2356\n    [<00000000d28d9e11>] ___sys_sendmsg+0xf3/0x170 net/socket.c:2410\n    [<0000000083ba9120>] __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439\n    [<00000000c00628f8>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n    [<000000004abfdcf4>] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nTo fix this the patch rearranges the goto labels to reflect the order of\nobject allocations and adds appropriate goto statements on the error\npaths.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/openvswitch/datapath.c"],"versions":[{"version":"655e873bf528f0f46ce6b069f9a2daee9621197c","lessThan":"1ac653cf886cdfc082708c82dc6ac6115cebd2ee","status":"affected","versionType":"git"},{"version":"ee27d70556a47c3a07e65a60f47e3ea12a255af8","lessThan":"af4e720bc00a2653f7b9df21755b9978b3d7f386","status":"affected","versionType":"git"},{"version":"8b74211bf60b3e0c0ed4fe3d16c92ffdcaaf34eb","lessThan":"ed6c5e8caf55778500202775167e8ccdb1a030cb","status":"affected","versionType":"git"},{"version":"6736b61ecf230dd656464de0f514bdeadb384f20","lessThan":"70154489f531587996f3e9d7cceeee65cff0001d","status":"affected","versionType":"git"},{"version":"0133615a06007684df648feb9d327714e399afd4","lessThan":"f423c2efd51d7eb1d143c2be7eea233241d9bbbf","status":"affected","versionType":"git"},{"version":"32d5fa5bdccec2361fc6c4ed05a7367155b3a1e9","lessThan":"70d40674a549d498bd63d5432acf46205da1534b","status":"affected","versionType":"git"},{"version":"68bb10101e6b0a6bb44e9c908ef795fc4af99eae","lessThan":"0c598aed445eb45b0ee7ba405f7ece99ee349c30","status":"affected","versionType":"git"},{"version":"4f592e712ea2132f511d545954867d7880df5be2","status":"affected","versionType":"git"},{"version":"a991a411c3e21ef22507400dbb179ae02029d42c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/openvswitch/datapath.c"],"versions":[{"version":"4.14.303","lessThan":"4.14.306","status":"affected","versionType":"semver"},{"version":"4.19.270","lessThan":"4.19.273","status":"affected","versionType":"semver"},{"version":"5.4.229","lessThan":"5.4.232","status":"affected","versionType":"semver"},{"version":"5.10.163","lessThan":"5.10.168","status":"affected","versionType":"semver"},{"version":"5.15.86","lessThan":"5.15.93","status":"affected","versionType":"semver"},{"version":"6.1.2","lessThan":"6.1.11","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.303","versionEndExcluding":"4.14.306"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.270","versionEndExcluding":"4.19.273"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.229","versionEndExcluding":"5.4.232"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.163","versionEndExcluding":"5.10.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.86","versionEndExcluding":"5.15.93"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.2","versionEndExcluding":"6.1.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.337"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1ac653cf886cdfc082708c82dc6ac6115cebd2ee"},{"url":"https://git.kernel.org/stable/c/af4e720bc00a2653f7b9df21755b9978b3d7f386"},{"url":"https://git.kernel.org/stable/c/ed6c5e8caf55778500202775167e8ccdb1a030cb"},{"url":"https://git.kernel.org/stable/c/70154489f531587996f3e9d7cceeee65cff0001d"},{"url":"https://git.kernel.org/stable/c/f423c2efd51d7eb1d143c2be7eea233241d9bbbf"},{"url":"https://git.kernel.org/stable/c/70d40674a549d498bd63d5432acf46205da1534b"},{"url":"https://git.kernel.org/stable/c/0c598aed445eb45b0ee7ba405f7ece99ee349c30"}],"title":"net: openvswitch: fix flow memory leak in ovs_flow_cmd_new","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-401","lang":"en","description":"CWE-401 Missing Release of Memory after Effective Lifetime"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-10-01T17:21:57.463878Z","id":"CVE-2023-52977","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T17:21:59.721Z"}}]}}