CVE-2023-52887 net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new

2024-07-2915:52:27

Linux

www.cve.org

linux kernel

patch

error handling

can

j1939

network messages

EPSS

Percentile

10.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new

This patch enhances error handling in scenarios with RTS (Request to
Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE
backtraces with a new error handling method. This provides clearer error
messages and allows for the early termination of problematic sessions.
Previously, sessions were only released at the end of j1939_xtp_rx_rts().

Potentially this could be reproduced with something like:
testj1939 -r vcan0:0x80 &
while true; do
# send first RTS
cansend vcan0 18EC8090#1014000303002301;
# send second RTS
cansend vcan0 18EC8090#1014000303002301;
# send abort
cansend vcan0 18EC8090#ff00000000002301;
done

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/can/j1939/transport.c"
    ],
    "versions": [
      {
        "version": "9d71dd0c7009",
        "lessThan": "ed581989d7ea",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9d71dd0c7009",
        "lessThan": "f6c839e71790",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9d71dd0c7009",
        "lessThan": "1762ca80c2b7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9d71dd0c7009",
        "lessThan": "26b18dd30e63",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9d71dd0c7009",
        "lessThan": "177e33b655d3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9d71dd0c7009",
        "lessThan": "0bc0a7416ea7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9d71dd0c7009",
        "lessThan": "d3e2904f71ea",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/can/j1939/transport.c"
    ],
    "versions": [
      {
        "version": "5.4",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.4",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.279",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.221",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.162",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.97",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.37",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.8",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]