CVE-2023-52887

EPSS 0.04 % (11th)
Advisories 11
NVD Status Awaiting Analysis

In the Linux kernel, the following vulnerability has been resolved:

net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new

This patch enhances error handling in scenarios with RTS (Request to
Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE
backtraces with a new error handling method. This provides clearer error
messages and allows for the early termination of problematic sessions.
Previously, sessions were only released at the end of j1939_xtp_rx_rts().

Potentially this could be reproduced with something like:

    testj1939 -r vcan0:0x80 &
    while true; do
        # send first RTS
        cansend vcan0 18EC8090#1014000303002301;
        # send second RTS
        cansend vcan0 18EC8090#1014000303002301;
        # send abort
        cansend vcan0 18EC8090#ff00000000002301;
    done
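
Added example, not part of the kernel commit or the CVE record: a decoder for the three frames in the reproduction loop above, plus a check that flags an RTS arriving while a transport session for the same source/destination pair is still open. The field layout is the SAE J1939-21 TP.CM layout; the function names, the session-tracking rule and the sample list are assumptions of this example.

```python
# Added example. Field layout: SAE J1939-21 TP.CM; names are illustrative.
TP_CM_PF = 0xEC                          # PDU format of TP.CM (PGN 0xEC00)
RTS, EOM_ACK, ABORT = 0x10, 0x13, 0xFF   # TP.CM control bytes

# Constructed sample: one pass of the reproduction loop from the commit message.
SAMPLE = [
    "18EC8090#1014000303002301",   # first RTS
    "18EC8090#1014000303002301",   # second RTS
    "18EC8090#ff00000000002301",   # abort
]

def parse_frame(text):
    """Split cansend-style 'ID#DATA' into J1939 header fields and payload."""
    can_id_hex, data_hex = text.strip().rstrip(";").split("#")
    can_id = int(can_id_hex, 16)
    return {
        "priority": (can_id >> 26) & 0x7,
        "pf": (can_id >> 16) & 0xFF,     # PDU format
        "da": (can_id >> 8) & 0xFF,      # destination address (PDU1, pf < 240)
        "sa": can_id & 0xFF,             # source address
        "data": bytes.fromhex(data_hex),
    }

def decode_tp_cm(frame):
    """Return TP.CM control fields, or None if the frame is not TP.CM."""
    d = frame["data"]
    if frame["pf"] != TP_CM_PF or len(d) != 8:
        return None
    msg = {"ctrl": d[0], "pgn": int.from_bytes(d[5:8], "little")}
    if d[0] == RTS:
        msg.update(size=int.from_bytes(d[1:3], "little"),
                   packets=d[3], max_per_cts=d[4])
    return msg

def find_overlapping_rts(lines):
    """List (index, sa, da, pgn) for each RTS seen while a session is open."""
    open_sessions, hits = set(), []
    for i, line in enumerate(lines):
        frame = parse_frame(line)
        msg = decode_tp_cm(frame)
        if msg is None:
            continue
        sa, da = frame["sa"], frame["da"]
        if msg["ctrl"] == RTS:
            if (sa, da) in open_sessions:
                hits.append((i, sa, da, msg["pgn"]))
            open_sessions.add((sa, da))
        elif msg["ctrl"] in (EOM_ACK, ABORT):
            # Either side may close the session, so clear both orientations.
            open_sessions -= {(sa, da), (da, sa)}
    return hits
```

Run over a capture converted to `ID#DATA` lines, `find_overlapping_rts` points at the second RTS of each loop pass, which is the traffic pattern the commit message describes.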

CVE Status: PUBLISHED
NVD Status: Awaiting Analysis
CNA: kernel.org
Published Date: 2024-07-29 16:15:03 (7 weeks ago)
Updated Date: 2024-07-29 16:21:52 (7 weeks ago)