Linux Kernel up to 6.1.10 include/linux/slab.h ovs_flow_cmd_new memory leak

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.6 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.10. This affects the function ovs_flow_cmd_new in the library include/linux/slab.h. This manipulation causes memory leak.
This vulnerability is registered as CVE-2023-52977. No exploit is available.
You should upgrade the affected component.
Details
A vulnerability has been found in Linux Kernel up to 6.1.10 and classified as critical. Affected by this vulnerability is the function ovs_flow_cmd_new in the library include/linux/slab.h. The manipulation with an unknown input leads to a memory leak vulnerability. The CWE definition for the vulnerability is CWE-401. The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. As an impact it is known to affect availability. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix flow memory leak in ovs_flow_cmd_new Syzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is not freed when an allocation of a key fails. BUG: memory leak unreferenced object 0xffff888116668000 (size 632): comm "syz-executor231", pid 1090, jiffies 4294844701 (age 18.871s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmem_cache_zalloc include/linux/slab.h:654 [inline] [] ovs_flow_alloc+0x19/0x180 net/openvswitch/flow_table.c:77 [] ovs_flow_cmd_new+0x1de/0xd40 net/openvswitch/datapath.c:957 [] genl_family_rcv_msg_doit+0x22d/0x330 net/netlink/genetlink.c:739 [] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] [] genl_rcv_msg+0x328/0x590 net/netlink/genetlink.c:800 [] netlink_rcv_skb+0x153/0x430 net/netlink/af_netlink.c:2515 [] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811 [] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] [] netlink_unicast+0x545/0x7f0 net/netlink/af_netlink.c:1339 [] netlink_sendmsg+0x8e7/0xde0 net/netlink/af_netlink.c:1934 [] sock_sendmsg_nosec net/socket.c:651 [inline] [] sock_sendmsg+0x152/0x190 net/socket.c:671 [] ____sys_sendmsg+0x70a/0x870 net/socket.c:2356 [] ___sys_sendmsg+0xf3/0x170 net/socket.c:2410 [] __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439 [] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 [] entry_SYSCALL_64_after_hwframe+0x61/0xc6 To fix this the patch rearranges the goto labels to reflect the order of object allocations and adds appropriate goto statements on the error paths. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
The advisory is shared at git.kernel.org. This vulnerability is known as CVE-2023-52977 since 03/27/2025. The exploitation appears to be difficult. Technical details are known, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 249320 (EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-1979)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 4.14.306, 4.19.273, 5.4.232, 5.10.168, 5.15.93 or 6.1.11 eliminates this vulnerability. Applying the patch 1ac653cf886cdfc082708c82dc6ac6115cebd2ee/af4e720bc00a2653f7b9df21755b9978b3d7f386/ed6c5e8caf55778500202775167e8ccdb1a030cb/70154489f531587996f3e9d7cceeee65cff0001d/f423c2efd51d7eb1d143c2be7eea233241d9bbbf/70d40674a549d498bd63d5432acf46205da1534b/0c598aed445eb45b0ee7ba405f7ece99ee349c30 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (249320) and CERT Bund (WID-SEC-2025-0649). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Affected
- Google Container-Optimized OS
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- SUSE openSUSE
- Dell Avamar
- Open Source Linux Kernel
- SolarWinds Security Event Manager
- Dell NetWorker
- Dell Secure Connect Gateway
Product
Type
Vendor
Name
Version
- 4.14.305
- 4.19.272
- 5.4.231
- 5.10.167
- 5.15.0
- 5.15.1
- 5.15.2
- 5.15.3
- 5.15.4
- 5.15.5
- 5.15.6
- 5.15.7
- 5.15.8
- 5.15.9
- 5.15.10
- 5.15.11
- 5.15.12
- 5.15.13
- 5.15.14
- 5.15.15
- 5.15.16
- 5.15.17
- 5.15.18
- 5.15.19
- 5.15.20
- 5.15.21
- 5.15.22
- 5.15.23
- 5.15.24
- 5.15.25
- 5.15.26
- 5.15.27
- 5.15.28
- 5.15.29
- 5.15.30
- 5.15.31
- 5.15.32
- 5.15.33
- 5.15.34
- 5.15.35
- 5.15.36
- 5.15.37
- 5.15.38
- 5.15.39
- 5.15.40
- 5.15.41
- 5.15.42
- 5.15.43
- 5.15.44
- 5.15.45
- 5.15.46
- 5.15.47
- 5.15.48
- 5.15.49
- 5.15.50
- 5.15.51
- 5.15.52
- 5.15.53
- 5.15.54
- 5.15.55
- 5.15.56
- 5.15.57
- 5.15.58
- 5.15.59
- 5.15.60
- 5.15.61
- 5.15.62
- 5.15.63
- 5.15.64
- 5.15.65
- 5.15.66
- 5.15.67
- 5.15.68
- 5.15.69
- 5.15.70
- 5.15.71
- 5.15.72
- 5.15.73
- 5.15.74
- 5.15.75
- 5.15.76
- 5.15.77
- 5.15.78
- 5.15.79
- 5.15.80
- 5.15.81
- 5.15.82
- 5.15.83
- 5.15.84
- 5.15.85
- 5.15.86
- 5.15.87
- 5.15.88
- 5.15.89
- 5.15.90
- 5.15.91
- 5.15.92
- 6.1.0
- 6.1.1
- 6.1.2
- 6.1.3
- 6.1.4
- 6.1.5
- 6.1.6
- 6.1.7
- 6.1.8
- 6.1.9
- 6.1.10
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.8VulDB Meta Temp Score: 4.6
VulDB Base Score: 4.8
VulDB Temp Score: 4.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Memory leakCWE: CWE-401 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 249320
Nessus Name: EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-1979)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 4.14.306/4.19.273/5.4.232/5.10.168/5.15.93/6.1.11
Patch: 1ac653cf886cdfc082708c82dc6ac6115cebd2ee/af4e720bc00a2653f7b9df21755b9978b3d7f386/ed6c5e8caf55778500202775167e8ccdb1a030cb/70154489f531587996f3e9d7cceeee65cff0001d/f423c2efd51d7eb1d143c2be7eea233241d9bbbf/70d40674a549d498bd63d5432acf46205da1534b/0c598aed445eb45b0ee7ba405f7ece99ee349c30
Timeline
03/27/2025 🔍03/27/2025 🔍
03/27/2025 🔍
12/07/2025 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2023-52977 (🔍)
GCVE (CVE): GCVE-0-2023-52977
GCVE (VulDB): GCVE-100-301765
CERT Bund: WID-SEC-2025-0649 - Linux Kernel: Mehrere Schwachstellen
Entry
Created: 03/27/2025 18:53Updated: 12/07/2025 02:17
Changes: 03/27/2025 18:53 (59), 08/15/2025 07:51 (2), 08/24/2025 09:43 (7), 12/07/2025 02:17 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.