Homepage

CVE-2023-52887 Affecting linux-6.1 package, versions <6.1.119-1~deb11u1

Severity

 Recommended
low

Based on default assessment until relevant scores are available.

Threat Intelligence

EPSS
0.04% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN11-LINUX61-8600869
  • published2 Jan 2025
  • disclosed29 Jul 2024
Report a new vulnerability Found a mistake?

Introduced: 29 Jul 2024

CVE-2023-52887  (opens in a new tab)

How to fix?

Upgrade Debian:11 linux-6.1 to version 6.1.119-1~deb11u1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream linux-6.1 package and not the linux-6.1 package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new

This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE backtraces with a new error handling method. This provides clearer error messages and allows for the early termination of problematic sessions. Previously, sessions were only released at the end of j1939_xtp_rx_rts().

Potentially this could be reproduced with something like: testj1939 -r vcan0:0x80 & while true; do # send first RTS cansend vcan0 18EC8090#1014000303002301; # send second RTS cansend vcan0 18EC8090#1014000303002301; # send abort cansend vcan0 18EC8090#ff00000000002301; done

CVSS Scores

version 3.1