{"id":"CVE-2023-52977","summary":"net: openvswitch: fix flow memory leak in ovs_flow_cmd_new","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix flow memory leak in ovs_flow_cmd_new\n\nSyzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is\nnot freed when an allocation of a key fails.\n\nBUG: memory leak\nunreferenced object 0xffff888116668000 (size 632):\n  comm \"syz-executor231\", pid 1090, jiffies 4294844701 (age 18.871s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c00000000defa3494\u003e] kmem_cache_zalloc include/linux/slab.h:654 [inline]\n    [\u003c00000000defa3494\u003e] ovs_flow_alloc+0x19/0x180 net/openvswitch/flow_table.c:77\n    [\u003c00000000c67d8873\u003e] ovs_flow_cmd_new+0x1de/0xd40 net/openvswitch/datapath.c:957\n    [\u003c0000000010a539a8\u003e] genl_family_rcv_msg_doit+0x22d/0x330 net/netlink/genetlink.c:739\n    [\u003c00000000dff3302d\u003e] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n    [\u003c00000000dff3302d\u003e] genl_rcv_msg+0x328/0x590 net/netlink/genetlink.c:800\n    [\u003c000000000286dd87\u003e] netlink_rcv_skb+0x153/0x430 net/netlink/af_netlink.c:2515\n    [\u003c0000000061fed410\u003e] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811\n    [\u003c000000009dc0f111\u003e] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n    [\u003c000000009dc0f111\u003e] netlink_unicast+0x545/0x7f0 net/netlink/af_netlink.c:1339\n    [\u003c000000004a5ee816\u003e] netlink_sendmsg+0x8e7/0xde0 net/netlink/af_netlink.c:1934\n    [\u003c00000000482b476f\u003e] sock_sendmsg_nosec net/socket.c:651 [inline]\n    [\u003c00000000482b476f\u003e] sock_sendmsg+0x152/0x190 net/socket.c:671\n    [\u003c00000000698574ba\u003e] ____sys_sendmsg+0x70a/0x870 net/socket.c:2356\n    [\u003c00000000d28d9e11\u003e] ___sys_sendmsg+0xf3/0x170 net/socket.c:2410\n    [\u003c0000000083ba9120\u003e] __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439\n    [\u003c00000000c00628f8\u003e] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n    [\u003c000000004abfdcf4\u003e] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nTo fix this the patch rearranges the goto labels to reflect the order of\nobject allocations and adds appropriate goto statements on the error\npaths.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.","modified":"2026-04-02T09:43:31.175730Z","published":"2025-03-27T16:43:17.234Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52977.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0c598aed445eb45b0ee7ba405f7ece99ee349c30"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1ac653cf886cdfc082708c82dc6ac6115cebd2ee"},{"type":"WEB","url":"https://git.kernel.org/stable/c/70154489f531587996f3e9d7cceeee65cff0001d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/70d40674a549d498bd63d5432acf46205da1534b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/af4e720bc00a2653f7b9df21755b9978b3d7f386"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ed6c5e8caf55778500202775167e8ccdb1a030cb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f423c2efd51d7eb1d143c2be7eea233241d9bbbf"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52977.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52977"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"655e873bf528f0f46ce6b069f9a2daee9621197c"},{"fixed":"1ac653cf886cdfc082708c82dc6ac6115cebd2ee"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ee27d70556a47c3a07e65a60f47e3ea12a255af8"},{"fixed":"af4e720bc00a2653f7b9df21755b9978b3d7f386"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8b74211bf60b3e0c0ed4fe3d16c92ffdcaaf34eb"},{"fixed":"ed6c5e8caf55778500202775167e8ccdb1a030cb"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6736b61ecf230dd656464de0f514bdeadb384f20"},{"fixed":"70154489f531587996f3e9d7cceeee65cff0001d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0133615a06007684df648feb9d327714e399afd4"},{"fixed":"f423c2efd51d7eb1d143c2be7eea233241d9bbbf"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"32d5fa5bdccec2361fc6c4ed05a7367155b3a1e9"},{"fixed":"70d40674a549d498bd63d5432acf46205da1534b"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"68bb10101e6b0a6bb44e9c908ef795fc4af99eae"},{"fixed":"0c598aed445eb45b0ee7ba405f7ece99ee349c30"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"4f592e712ea2132f511d545954867d7880df5be2"},{"last_affected":"a991a411c3e21ef22507400dbb179ae02029d42c"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52977.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}