CVE-2023-54152

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: j1939: prevent deadlock by moving j1939_sk_errqueue()

This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfer and subscribing to the error queue while receiving a net down event. The deadlock involves locks in the following order:

3 j1939_session_list_lock -> active_session_list_lock j1939_session_activate … j1939_sk_queue_activate_next -> sk_session_queue_lock … j1939_xtp_rx_eoma_one

2 j1939_sk_queue_drop_all -> sk_session_queue_lock … j1939_sk_netdev_event_netdown -> j1939_socks_lock j1939_netdev_notify

1 j1939_sk_errqueue -> j1939_socks_lock __j1939_session_cancel -> active_session_list_lock j1939_tp_rxtimer

   CPU0                    CPU1
   ----                    ----

lock(&priv->active_session_list_lock); lock(&jsk->sk_session_queue_lock); lock(&priv->active_session_list_lock); lock(&priv->j1939_socks_lock);

The solution implemented in this commit is to move the j1939_sk_errqueue() call out of the active_session_list_lock context, thus preventing the deadlock situation.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5b9272e93f2efe3f6cda60cc2c26817b2ce49386 < 8a581b71cf686b4cd1a85c9c2dfc2fb88382c3b4affected
LinuxLinux5b9272e93f2efe3f6cda60cc2c26817b2ce49386 < ace6aa2ab5ba5869563ca689bbd912100514ae7baffected
LinuxLinux5b9272e93f2efe3f6cda60cc2c26817b2ce49386 < f09ce9d765de1f064ce3919f57c6beb061744784affected
LinuxLinux5b9272e93f2efe3f6cda60cc2c26817b2ce49386 < d1366b283d94ac4537a4b3a1e8668da4df7ce7e9affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.106 <= 5.15.*unaffected
LinuxLinux6.1.23 <= 6.1.*unaffected
LinuxLinux6.2.10 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References