CVE-2023-52887
- Source
- https://cve.org/CVERecord?id=CVE-2023-52887
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52887.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-52887
- Downstream
- Related
- Published
- 2024-07-29T15:52:27.615Z
- Modified
- 2026-03-14T12:23:15.575626Z
- Summary
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: can: j1939: enhanced error handling for tightly received RTS messages in xtprxrtssessionnew
This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative WARNONONCE backtraces with a new error handling method. This provides clearer error messages and allows for the early termination of problematic sessions. Previously, sessions were only released at the end of j1939xtprx_rts().
Potentially this could be reproduced with something like: testj1939 -r vcan0:0x80 & while true; do # send first RTS cansend vcan0 18EC8090#1014000303002301; # send second RTS cansend vcan0 18EC8090#1014000303002301; # send abort cansend vcan0 18EC8090#ff00000000002301; done
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52887.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0bc0a7416ea73f79f915c9a05ac0858dff65cfed
- https://git.kernel.org/stable/c/1762ca80c2b72dd1b5821c5e347713ae696276ea
- https://git.kernel.org/stable/c/177e33b655d35d72866b50aec84307119dc5f3d4
- https://git.kernel.org/stable/c/26b18dd30e63d4fd777be429148e8e4ed66f60b2
- https://git.kernel.org/stable/c/d3e2904f71ea0fe7eaff1d68a2b0363c888ea0fb
- https://git.kernel.org/stable/c/ed581989d7ea9df6f8646beba2341e32cd49a1f9
- https://git.kernel.org/stable/c/f6c839e717901dbd6b1c1ca807b6210222eb70f6
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52887.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-52887
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9d71dd0c70099914fcd063135da3c580865e924cFixeded581989d7ea9df6f8646beba2341e32cd49a1f9Fixedf6c839e717901dbd6b1c1ca807b6210222eb70f6Fixed1762ca80c2b72dd1b5821c5e347713ae696276eaFixed26b18dd30e63d4fd777be429148e8e4ed66f60b2Fixed177e33b655d35d72866b50aec84307119dc5f3d4Fixed0bc0a7416ea73f79f915c9a05ac0858dff65cfedFixedd3e2904f71ea0fe7eaff1d68a2b0363c888ea0fb