{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T19:03:56.039157100Z","vulnerabilities":[{"cve":{"id":"CVE-2023-52977","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-03-27T17:15:44.793","lastModified":"2025-10-01T18:15:34.343","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix flow memory leak in ovs_flow_cmd_new\n\nSyzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is\nnot freed when an allocation of a key fails.\n\nBUG: memory leak\nunreferenced object 0xffff888116668000 (size 632):\n  comm \"syz-executor231\", pid 1090, jiffies 4294844701 (age 18.871s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [<00000000defa3494>] kmem_cache_zalloc include/linux/slab.h:654 [inline]\n    [<00000000defa3494>] ovs_flow_alloc+0x19/0x180 net/openvswitch/flow_table.c:77\n    [<00000000c67d8873>] ovs_flow_cmd_new+0x1de/0xd40 net/openvswitch/datapath.c:957\n    [<0000000010a539a8>] genl_family_rcv_msg_doit+0x22d/0x330 net/netlink/genetlink.c:739\n    [<00000000dff3302d>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n    [<00000000dff3302d>] genl_rcv_msg+0x328/0x590 net/netlink/genetlink.c:800\n    [<000000000286dd87>] netlink_rcv_skb+0x153/0x430 net/netlink/af_netlink.c:2515\n    [<0000000061fed410>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811\n    [<000000009dc0f111>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n    [<000000009dc0f111>] netlink_unicast+0x545/0x7f0 net/netlink/af_netlink.c:1339\n    [<000000004a5ee816>] netlink_sendmsg+0x8e7/0xde0 net/netlink/af_netlink.c:1934\n    [<00000000482b476f>] sock_sendmsg_nosec net/socket.c:651 [inline]\n    [<00000000482b476f>] sock_sendmsg+0x152/0x190 net/socket.c:671\n    [<00000000698574ba>] ____sys_sendmsg+0x70a/0x870 net/socket.c:2356\n    [<00000000d28d9e11>] ___sys_sendmsg+0xf3/0x170 net/socket.c:2410\n    [<0000000083ba9120>] __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439\n    [<00000000c00628f8>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n    [<000000004abfdcf4>] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nTo fix this the patch rearranges the goto labels to reflect the order of\nobject allocations and adds appropriate goto statements on the error\npaths.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: openvswitch: corrige pérdida de memoria de flujo en ovs_flow_cmd_new Syzkaller informa una pérdida de memoria de new_flow en ovs_flow_cmd_new() ya que no se libera cuando falla la asignación de una clave. ERROR: Fuga de memoria, objeto no referenciado 0xffff888116668000 (tamaño 632): comunicación \"syz-executor231\", pid 1090, jiffies 4294844701 (edad 18.871 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ seguimiento inverso: [&lt;00000000defa3494&gt;] kmem_cache_zalloc include/linux/slab.h:654 [en línea] [&lt;00000000defa3494&gt;] ovs_flow_alloc+0x19/0x180 net/openvswitch/flow_table.c:77 [&lt;00000000c67d8873&gt;] ovs_flow_cmd_new+0x1de/0xd40 net/openvswitch/datapath.c:957 [&lt;0000000010a539a8&gt;] genl_family_rcv_msg_doit+0x22d/0x330 net/netlink/genetlink.c:739 [&lt;00000000dff3302d&gt;] genl_family_rcv_msg net/netlink/genetlink.c:783 [en línea] [&lt;00000000dff3302d&gt;] genl_rcv_msg+0x328/0x590 net/netlink/genetlink.c:800 [&lt;000000000286dd87&gt;] netlink_rcv_skb+0x153/0x430 net/netlink/af_netlink.c:2515 [&lt;0000000061fed410&gt;] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811 [&lt;000000009dc0f111&gt;] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [en línea] [&lt;000000009dc0f111&gt;] netlink_unicast+0x545/0x7f0 net/netlink/af_netlink.c:1339 [&lt;000000004a5ee816&gt;] netlink_sendmsg+0x8e7/0xde0 net/netlink/af_netlink.c:1934 [&lt;00000000482b476f&gt;] sock_sendmsg_nosec net/socket.c:651 [en línea] [&lt;00000000482b476f&gt;] sock_sendmsg+0x152/0x190 net/socket.c:671 [&lt;00000000698574ba&gt;] ____sys_sendmsg+0x70a/0x870 net/socket.c:2356 [&lt;00000000d28d9e11&gt;] ___sys_sendmsg+0xf3/0x170 net/socket.c:2410 [&lt;0000000083ba9120&gt;] __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439 [&lt;00000000c00628f8&gt;] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 [&lt;000000004abfdcf4&gt;] entry_SYSCALL_64_after_hwframe+0x61/0xc6 Para solucionar esto, el parche reorganiza las etiquetas goto para reflejar el orden de asignación de objetos y añade instrucciones goto adecuadas en las rutas de error. Encontrado por el Centro de Verificación de Linux (linuxtesting.org) con Syzkaller."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.337","versionEndExcluding":"4.10","matchCriteriaId":"0C8C5100-ECF6-4F64-9489-EFC7923A7591"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.303","versionEndExcluding":"4.14.306","matchCriteriaId":"8FD566E7-A4C9-4B80-8066-8813E4F64980"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.270","versionEndExcluding":"4.19.273","matchCriteriaId":"8B5F7481-6295-443C-8297-AAA7400EAF0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.229","versionEndExcluding":"5.4.232","matchCriteriaId":"A8FD5F9C-EDEC-495D-9CA3-4D3154063522"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.163","versionEndExcluding":"5.10.168","matchCriteriaId":"6C254C95-139A-4910-972B-2E64E3030DB5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.86","versionEndExcluding":"5.15.93","matchCriteriaId":"21081389-6ED8-4898-80ED-81EF6A2B1FEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.16","versionEndExcluding":"6.1","matchCriteriaId":"6C7522E3-150F-436D-BBD7-96C7B4B795ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.2","versionEndExcluding":"6.1.11","matchCriteriaId":"6AACE63B-510D-430C-ACD9-34922D790040"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0c598aed445eb45b0ee7ba405f7ece99ee349c30","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1ac653cf886cdfc082708c82dc6ac6115cebd2ee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/70154489f531587996f3e9d7cceeee65cff0001d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/70d40674a549d498bd63d5432acf46205da1534b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af4e720bc00a2653f7b9df21755b9978b3d7f386","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ed6c5e8caf55778500202775167e8ccdb1a030cb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f423c2efd51d7eb1d143c2be7eea233241d9bbbf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}