CVE-2023-52977

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 27/03/2025
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: fix flow memory leak in ovs_flow_cmd_new

Syzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is not freed when an allocation of a key fails.

BUG: memory leak
unreferenced object 0xffff888116668000 (size 632):
  comm "syz-executor231", pid 1090, jiffies 4294844701 (age 18.871s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [] kmem_cache_zalloc include/linux/slab.h:654 [inline]
    [] ovs_flow_alloc+0x19/0x180 net/openvswitch/flow_table.c:77
    [] ovs_flow_cmd_new+0x1de/0xd40 net/openvswitch/datapath.c:957
    [] genl_family_rcv_msg_doit+0x22d/0x330 net/netlink/genetlink.c:739
    [] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
    [] genl_rcv_msg+0x328/0x590 net/netlink/genetlink.c:800
    [] netlink_rcv_skb+0x153/0x430 net/netlink/af_netlink.c:2515
    [] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
    [] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
    [] netlink_unicast+0x545/0x7f0 net/netlink/af_netlink.c:1339
    [] netlink_sendmsg+0x8e7/0xde0 net/netlink/af_netlink.c:1934
    [] sock_sendmsg_nosec net/socket.c:651 [inline]
    [] sock_sendmsg+0x152/0x190 net/socket.c:671
    [] ____sys_sendmsg+0x70a/0x870 net/socket.c:2356
    [] ___sys_sendmsg+0xf3/0x170 net/socket.c:2410
    [] __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439
    [] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46
    [] entry_SYSCALL_64_after_hwframe+0x61/0xc6

To fix this the patch rearranges the goto labels to reflect the order of object allocations and adds appropriate goto statements on the error paths.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
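The error-path pattern described above, as an added user-space C model (not the kernel's code and not taken from the patch). The function names, the `key` and `reply` sizes, the early `return` on the leaking path and the counting allocator are assumptions for illustration; only the 632-byte flow object size comes from the report. It goes beyond the single reported failure by failing each allocation in turn.

```c
#include <stdio.h>
#include <stdlib.h>
static int live, calls, fail_at;  /* counting-allocator state (constructed) */
static void *xalloc(size_t n) {   /* the fail_at-th call returns NULL */
    void *p = (++calls == fail_at) ? NULL : calloc(1, n);
    if (p) live++;
    return p;
}
static void xfree(void *p) { live--; free(p); }

/* Before (hypothetical model): the key failure path never frees new_flow. */
static int flow_new_before(void) {
    int err = -1;
    void *new_flow, *key, *reply;
    if (!(new_flow = xalloc(632))) return err;
    if (!(key = xalloc(64))) return err;        /* leak: new_flow stays live */
    if (!(reply = xalloc(128))) goto err_free_key;
    err = 0;                  /* model only: success releases everything too */
    xfree(reply);
err_free_key:
    xfree(key);
    xfree(new_flow);
    return err;
}

/* After (hypothetical model): one label per object, reverse allocation order. */
static int flow_new_after(void) {
    int err = -1;
    void *new_flow, *key, *reply;
    if (!(new_flow = xalloc(632))) return err;
    if (!(key = xalloc(64))) goto err_free_flow;
    if (!(reply = xalloc(128))) goto err_free_key;
    err = 0;
    xfree(reply);
err_free_key:
    xfree(key);
err_free_flow:
    xfree(new_flow);
    return err;
}
static int leaked(int (*fn)(void), int n) {  /* fail n-th alloc, count live */
    live = calls = 0; fail_at = n; fn();
    return live;
}
int main(void) {
    for (int n = 1; n <= 3; n++)
        printf("fail alloc %d: before leaks %d, after leaks %d\n", n,
               leaked(flow_new_before, n), leaked(flow_new_after, n));
    return 0;
}
```

Injecting a failure at every allocation site in turn is what exposes the second case: the first and third failures unwind cleanly in both versions, so a test that fails only the last allocation would miss the leak.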

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.9.337 (including) | 4.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.303 (including) | 4.14.306 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.270 (including) | 4.19.273 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4.229 (including) | 5.4.232 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10.163 (including) | 5.10.168 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15.86 (including) | 5.15.93 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.0.16 (including) | 6.1 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.2 (including) | 6.1.11 (excluding) |