CVE-2023-52887

MEDIUM · CVSS 3.1: 5.5 · EPSS 13.2%
Published Jul 29, 2024 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new

This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE backtraces with a new error handling method. This provides clearer error messages and allows for the early termination of problematic sessions. Previously, sessions were only released at the end of j1939_xtp_rx_rts().

Potentially this could be reproduced with something like:

    testj1939 -r vcan0:0x80 &
    while true; do
        # send first RTS
        cansend vcan0 18EC8090#1014000303002301;
        # send second RTS
        cansend vcan0 18EC8090#1014000303002301;
        # send abort
        cansend vcan0 18EC8090#ff00000000002301;
    done
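
A defender-side check for the traffic pattern in the description, as an added example (not part of the CVE record or the kernel patch): it scans `candump -L` style log lines for a J1939 TP.CM RTS that arrives while a session for the same source/destination pair is still open. The log lines are constructed from the frame payloads quoted above, and the function names are hypothetical.

```python
import re

# candump -L style log line: "(timestamp) interface CANID#DATA"
LINE = re.compile(r"\((?P<ts>[\d.]+)\)\s+(?P<iface>\S+)\s+"
                  r"(?P<id>[0-9A-Fa-f]{8})#(?P<data>[0-9A-Fa-f]{16})")
TP_CM_PF = 0xEC                      # J1939 TP.CM (connection management)
RTS, EOMA, ABORT = 0x10, 0x13, 0xFF  # TP.CM control bytes


def parse_tp_cm(line):
    """Return (ts, sa, da, control, pgn) for a TP.CM frame, else None."""
    m = LINE.search(line)
    if not m:
        return None
    can_id = int(m["id"], 16)
    if (can_id >> 16) & 0xFF != TP_CM_PF:
        return None
    data = bytes.fromhex(m["data"])
    pgn = int.from_bytes(data[5:8], "little")  # PGN of the transported message
    return float(m["ts"]), can_id & 0xFF, (can_id >> 8) & 0xFF, data[0], pgn


def find_overlapping_rts(lines):
    """Flag an RTS seen while a session for the same SA->DA pair is open."""
    open_sessions, alerts = {}, []
    for line in lines:
        frame = parse_tp_cm(line)
        if frame is None:
            continue
        ts, sa, da, ctrl, pgn = frame
        if ctrl == RTS:
            if (sa, da) in open_sessions:
                alerts.append((ts, sa, da, pgn))
            open_sessions[(sa, da)] = ts
        elif ctrl == ABORT:
            # Either side may abort, so clear both directions.
            open_sessions.pop((sa, da), None)
            open_sessions.pop((da, sa), None)
        elif ctrl == EOMA:
            # EndOfMsgACK travels from the receiver back to the originator.
            open_sessions.pop((da, sa), None)
    return alerts


# Constructed capture: timestamps are invented, payloads are from the description.
SAMPLE = [
    "(1.000000) vcan0 18EC8090#1014000303002301",
    "(1.000400) vcan0 18EC8090#1014000303002301",
    "(1.000800) vcan0 18EC8090#ff00000000002301",
    "(2.000000) vcan0 18EC8090#1014000303002301",
]
```
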

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
13.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-617

Affected Products 11

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.4 – <5.4.279
linux   linux_kernel  *        ≥5.5 – <5.10.221
linux   linux_kernel  *        ≥5.11 – <5.15.162
linux   linux_kernel  *        ≥5.16 – <6.1.97
linux   linux_kernel  *        ≥6.2 – <6.6.37
linux   linux_kernel  *        ≥6.7 – <6.9.8
linux   linux_kernel  6.10     any
linux   linux_kernel  6.10     any
linux   linux_kernel  6.10     any
linux   linux_kernel  6.10     any
linux   linux_kernel  6.10     any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0bc0a7416ea73f79f915c9a05ac0858dff65cfed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1762ca80c2b72dd1b5821c5e347713ae696276ea
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/177e33b655d35d72866b50aec84307119dc5f3d4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/26b18dd30e63d4fd777be429148e8e4ed66f60b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3e2904f71ea0fe7eaff1d68a2b0363c888ea0fb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed581989d7ea9df6f8646beba2341e32cd49a1f9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6c839e717901dbd6b1c1ca807b6210222eb70f6
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0bc0a7416ea73f79f915c9a05ac0858dff65cfed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1762ca80c2b72dd1b5821c5e347713ae696276ea
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/177e33b655d35d72866b50aec84307119dc5f3d4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/26b18dd30e63d4fd777be429148e8e4ed66f60b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3e2904f71ea0fe7eaff1d68a2b0363c888ea0fb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed581989d7ea9df6f8646beba2341e32cd49a1f9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6c839e717901dbd6b1c1ca807b6210222eb70f6
    Patch