CVE-2023-54152

EPSS 0.03%
Veröffentlicht 24.12.2025 13:07:03
Zuletzt bearbeitet 29.12.2025 15:58:13
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

can: j1939: prevent deadlock by moving j1939_sk_errqueue()

This commit addresses a deadlock situation that can occur in certain
scenarios, such as when running data TP/ETP transfer and subscribing to
the error queue while receiving a net down event. The deadlock involves
locks in the following order:

3
  j1939_session_list_lock ->  active_session_list_lock
  j1939_session_activate
  ...
  j1939_sk_queue_activate_next -> sk_session_queue_lock
  ...
  j1939_xtp_rx_eoma_one

2
  j1939_sk_queue_drop_all  ->  sk_session_queue_lock
  ...
  j1939_sk_netdev_event_netdown -> j1939_socks_lock
  j1939_netdev_notify

1
  j1939_sk_errqueue -> j1939_socks_lock
  __j1939_session_cancel -> active_session_list_lock
  j1939_tp_rxtimer

       CPU0                    CPU1
       ----                    ----
  lock(&priv->active_session_list_lock);
                               lock(&jsk->sk_session_queue_lock);
                               lock(&priv->active_session_list_lock);
  lock(&priv->j1939_socks_lock);

The solution implemented in this commit is to move the
j1939_sk_errqueue() call out of the active_session_list_lock context,
thus preventing the deadlock situation.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 8a581b71cf686b4cd1a85c9c2dfc2fb88382c3b4

Version 5b9272e93f2efe3f6cda60cc2c26817b2ce49386

Status affected

Version < ace6aa2ab5ba5869563ca689bbd912100514ae7b

Version 5b9272e93f2efe3f6cda60cc2c26817b2ce49386

Status affected

Version < f09ce9d765de1f064ce3919f57c6beb061744784

Version 5b9272e93f2efe3f6cda60cc2c26817b2ce49386

Status affected

Version < d1366b283d94ac4537a4b3a1e8668da4df7ce7e9

Version 5b9272e93f2efe3f6cda60cc2c26817b2ce49386

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.106

Status unaffected

Version <= 6.1.*

Version 6.1.23

Status unaffected

Version <= 6.2.*

Version 6.2.10

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.064

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/8a581b71cf686b4cd1a85c9c2dfc2fb88382c3b4

https://git.kernel.org/stable/c/ace6aa2ab5ba5869563ca689bbd912100514ae7b

https://git.kernel.org/stable/c/f09ce9d765de1f064ce3919f57c6beb061744784

https://git.kernel.org/stable/c/d1366b283d94ac4537a4b3a1e8668da4df7ce7e9

https://nvd.nist.gov/vuln/detail/CVE-2023-54152

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54152

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54152

EUVD