CVE-2023-52887

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new

This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE backtraces with a new error handling method. This provides clearer error messages and allows for the early termination of problematic sessions. Previously, sessions were only released at the end of j1939_xtp_rx_rts().

Potentially this could be reproduced with something like: testj1939 -r vcan0:0x80 & while true; do # send first RTS cansend vcan0 18EC8090#1014000303002301; # send second RTS cansend vcan0 18EC8090#1014000303002301; # send abort cansend vcan0 18EC8090#ff00000000002301; done

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < ed581989d7ea9df6f8646beba2341e32cd49a1f9affected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < f6c839e717901dbd6b1c1ca807b6210222eb70f6affected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 1762ca80c2b72dd1b5821c5e347713ae696276eaaffected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 26b18dd30e63d4fd777be429148e8e4ed66f60b2affected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 177e33b655d35d72866b50aec84307119dc5f3d4affected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 0bc0a7416ea73f79f915c9a05ac0858dff65cfedaffected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < d3e2904f71ea0fe7eaff1d68a2b0363c888ea0fbaffected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.279 <= 5.4.*unaffected
LinuxLinux5.10.221 <= 5.10.*unaffected
LinuxLinux5.15.162 <= 5.15.*unaffected
LinuxLinux6.1.97 <= 6.1.*unaffected
LinuxLinux6.6.37 <= 6.6.*unaffected
LinuxLinux6.9.8 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References