CVE-2023-52941
Last modified
CVE-2023-52941 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout The timer for the transmission of isotp PDUs formerly had two functions: 1. send two consecutive frames with a given time gap 2. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout The timer for the transmission of isotp PDUs formerly had two functions: 1. send two consecutive frames with a given time gap 2. monitor the timeouts for flow control frames and the echo frames This led to larger txstate checks and potentially to a problem discovered by syzbot which enabled the panic_on_warn feature while testing. The former 'txtimer' function is split into 'txfrtimer' and 'txtimer' to handle the two above functionalities with separate timer callbacks. The two simplified timers now run in one-shot mode and make the state transitions (especially with isotp_rcv_echo) better understandable.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | >= 6.0.9, < 6.1 | — |
| Linux | Linux Kernel | >= 6.1.1, < 6.1.11 | — |
| Linux | Linux Kernel | 6.1 | — |
| Linux | Linux Kernel | 6.2 | Rc1 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2023-52941?
How severe is CVE-2023-52941?
How do I fix CVE-2023-52941?
Are you affected by CVE-2023-52941?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST