CVE-2023-5563

Summary

The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.

Affected Software

VendorProductVersion RangeStatus
zephyrproject-rtosZephyr3.3 <= 3.4affected

Weaknesses

  • CWE-703: CWE-703 Improper Check or Handling of Exceptional Conditions The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References