CVE-2024-41088

Severity: Medium (CVSS 3.1 base score 5.5)
EPSS: 13.3%
Published: Jul 29, 2024
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

can: mcp251xfd: fix infinite loop when xmit fails

When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running application.

Error messages:

    [ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16
    [ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).
    ... and repeat forever.

The issue can be triggered when multiple devices share the same SPI interface. And there is concurrent access to the bus.

The problem occurs because tx_ring->head increments even if mcp251xfd_start_xmit() fails. Consequently, the driver skips one TX package while still expecting a response in mcp251xfd_handle_tefif_one().

Resolve the issue by starting a workqueue to write the tx obj synchronously if err = -EBUSY. In case of another error, decrement tx_ring->head, remove skb from the echo stack, and drop the message.

[mkl: use more imperative wording in patch description]
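The head/tail accounting problem described above, as a simplified user-space model added here for illustration; it is not the mcp251xfd driver's code, and every name in it (ring_model, model_xmit, model_handle_tef, run_model, sample_writes) is hypothetical. It covers only the "another error" path, where the fix decrements the head and drops the frame, not the -EBUSY workqueue path.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Simplified model (assumption): not the mcp251xfd driver's structures. */
struct ring_model {
    unsigned head;       /* next sequence number given to a TX object */
    unsigned tef_tail;   /* next sequence number the completion path expects */
    unsigned hw_seq[8];  /* sequence numbers that actually reached the bus */
    size_t hw_count;
};

/* Queue one frame; write_ok=false stands in for a failed write to the chip. */
static void model_xmit(struct ring_model *r, bool write_ok, bool rollback)
{
    unsigned seq = r->head++;            /* head advances before the write */
    if (write_ok && r->hw_count < 8)
        r->hw_seq[r->hw_count++] = seq;
    else if (!write_ok && rollback)
        r->head--;                       /* fixed path: undo and drop the frame */
}

/* Match completions in order; return how many can never be matched. */
static size_t model_handle_tef(struct ring_model *r)
{
    size_t i;
    for (i = 0; i < r->hw_count; i++) {
        if (r->hw_seq[i] != r->tef_tail)
            break;                       /* expected a frame that was never sent */
        r->tef_tail++;
    }
    return r->hw_count - i;
}

/* results[i] says whether write i succeeded. */
static size_t run_model(const bool *results, size_t n, bool rollback)
{
    struct ring_model r = {0};
    for (size_t i = 0; i < n; i++)
        model_xmit(&r, results[i], rollback);
    return model_handle_tef(&r);
}

/* Constructed sample: the second of four writes fails. */
static const bool sample_writes[4] = { true, false, true, true };

int main(void)
{
    printf("stuck without rollback: %zu\n", run_model(sample_writes, 4, false));
    printf("stuck with rollback:    %zu\n", run_model(sample_writes, 4, true));
}
```

Without the rollback, the completion path waits for a sequence number that was consumed but never transmitted, so every later completion stays unmatched; with the rollback, the next frame reuses that number and all completions match.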

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
13.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-835

Affected Products 3

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.10 – <6.1.97
linux    linux_kernel   *         ≥6.2 – <6.6.37
linux    linux_kernel   *         ≥6.7 – <6.9.8

References 5

  • git.kernel.org https://git.kernel.org/stable/c/3e72558c1711d524e3150103739ddd06650e291b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6c6b4afa59c2fb4d1759235f866d8caed2aa4729
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d8fb63e46c884c898a38f061c2330f7729e75510
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f926c022ebaabf7963bebf89a97201d66978a025
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3e72558c1711d524e3150103739ddd06650e291b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6c6b4afa59c2fb4d1759235f866d8caed2aa4729
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d8fb63e46c884c898a38f061c2330f7729e75510
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f926c022ebaabf7963bebf89a97201d66978a025
    Patch