CVE-2023-52887

net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new

Severity Score

0.0

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new This patch enhances error handling in scenarios with RTS (Request to
Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE
backtraces with a new error handling method. This provides clearer error
messages and allows for the early termination of problematic sessions.
Previously, sessions were only released at the end of j1939_xtp_rx_rts(). Potentially this could be reproduced with something like:
testj1939 -r vcan0:0x80 &
while true; do # send first RTS cansend vcan0 18EC8090#1014000303002301; # send second RTS cansend vcan0 18EC8090#1014000303002301; # send abort cansend vcan0 18EC8090#ff00000000002301;
done

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE backtraces with a new error handling method. This provides clearer error messages and allows for the early termination of problematic sessions. Previously, sessions were only released at the end of j1939_xtp_rx_rts(). Potentially this could be reproduced with something like: testj1939 -r vcan0:0x80 & while true; do # send first RTS cansend vcan0 18EC8090#1014000303002301; # send second RTS cansend vcan0 18EC8090#1014000303002301; # send abort cansend vcan0 18EC8090#ff00000000002301; done

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

None

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-07-29 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/ed581989d7ea9df6f8646beba2341e32cd49a1f9	2024-07-05
https://git.kernel.org/stable/c/f6c839e717901dbd6b1c1ca807b6210222eb70f6	2024-07-05
https://git.kernel.org/stable/c/1762ca80c2b72dd1b5821c5e347713ae696276ea	2024-07-05
https://git.kernel.org/stable/c/26b18dd30e63d4fd777be429148e8e4ed66f60b2	2024-07-05
https://git.kernel.org/stable/c/177e33b655d35d72866b50aec84307119dc5f3d4	2024-07-05
https://git.kernel.org/stable/c/0bc0a7416ea73f79f915c9a05ac0858dff65cfed	2024-07-05
https://git.kernel.org/stable/c/d3e2904f71ea0fe7eaff1d68a2b0363c888ea0fb	2024-06-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.4.279 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.4.279"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.10.221 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.10.221"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.15.162 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.15.162"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 6.1.97 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.1.97"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 6.6.37 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.6.37"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 6.9.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.9.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.10"		en		Affected