5.5

CVE-2026-23298

can: ucan: Fix infinite loop from zero-length messages

In the Linux kernel, the following vulnerability has been resolved:

can: ucan: Fix infinite loop from zero-length messages

If a broken ucan device gets a message with the message length field set
to 0, then the driver will loop for forever in
ucan_read_bulk_callback(), hanging the system.  If the length is 0, just
skip the message and go on to the next one.

This has been fixed in the kvaser_usb driver in the past in commit
0c73772cd2b8 ("can: kvaser_usb: leaf: Fix potential infinite loop in
command parsers"), so there must be some broken devices out there like
this somewhere.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19 < 5.10.253
LinuxLinux Kernel Version >= 5.11 < 5.15.203
LinuxLinux Kernel Version >= 5.16 < 6.1.167
LinuxLinux Kernel Version >= 6.2 < 6.6.130
LinuxLinux Kernel Version >= 6.7 < 6.12.77
LinuxLinux Kernel Version >= 6.13 < 6.18.17
LinuxLinux Kernel Version >= 6.19 < 6.19.7
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://git.kernel.org/stable/c/ab6f075492d37368b4c7b0df7f7fdc2b666887fc
Patch
https://git.kernel.org/stable/c/13b646eec3ba1131180803f5aaf1fee23540ad8f
Patch
https://git.kernel.org/stable/c/bd85f21a6219aeae4389d700c54f1799f4b814e0
Patch
https://git.kernel.org/stable/c/aa9e0a7fe5efc2f74327fd37d828e9a51d9ff588
Patch
https://git.kernel.org/stable/c/c7bc62be6c1a60bb21301692009590b1ffda91d9
Patch
https://git.kernel.org/stable/c/1e446fd0582ad8be9f6dafb115fc2e7245f9bea7
Patch
https://git.kernel.org/stable/c/ca07d3c6eef14d34e6fdeefe55058db045be29dc
Patch
https://git.kernel.org/stable/c/e7bb6e0606b5f233531aaaad9542d69fbb792115
Patch