CVE-2023-52887

Advisory lineage Upstream: 0 Downstream: 33

Downstream

DEBIAN-CVE-2023-52887 DLA-4008-1 SUSE-SU-2024:3190-1 SUSE-SU-2024:3194-1 SUSE-SU-2024:3195-1 SUSE-SU-2024:3209-1

Modified

Published: 29 Jul 2024, 15:52

Last modified:11 May 2026, 19:34

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

<0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

29 Jul 2024, 15:52

Published

Vulnerability first disclosed

11 May 2026, 19:34

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE backtraces with a new error handling method. This provides clearer error messages and allows for the early termination of problematic sessions. Previously, sessions were only released at the end of j1939_xtp_rx_rts(). Potentially this could be reproduced with something like: testj1939 -r vcan0:0x80 & while true; do # send first RTS cansend vcan0 18EC8090#1014000303002301; # send second RTS cansend vcan0 18EC8090#1014000303002301; # send abort cansend vcan0 18EC8090#ff00000000002301; done

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.00%• Percentile: 0%

Techniques & Countermeasures

CWE-617•Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Affected Systems

linux•linux
≥ 9d71dd0c70099914fcd063135da3c580865e924c, < ed581989d7ea9df6f8646beba2341e32cd49a1f9 | ≥ 9d71dd0c70099914fcd063135da3c580865e924c, < f6c839e717901dbd6b1c1ca807b6210222eb70f6 | ≥ 9d71dd0c70099914fcd063135da3c580865e924c, < 1762ca80c2b72dd1b5821c5e347713ae696276ea | ≥ 9d71dd0c70099914fcd063135da3c580865e924c, < 26b18dd30e63d4fd777be429148e8e4ed66f60b2 | ≥ 9d71dd0c70099914fcd063135da3c580865e924c, < 177e33b655d35d72866b50aec84307119dc5f3d4 | ≥ 9d71dd0c70099914fcd063135da3c580865e924c, < 0bc0a7416ea73f79f915c9a05ac0858dff65cfed | ≥ 9d71dd0c70099914fcd063135da3c580865e924c, < d3e2904f71ea0fe7eaff1d68a2b0363c888ea0fb | 5.4
linux•linux_kernel
≥ 5.4, < 5.4.279 | ≥ 5.5, < 5.10.221 | ≥ 5.11, < 5.15.162 | ≥ 5.16, < 6.1.97 | ≥ 6.2, < 6.6.37 | ≥ 6.7, < 6.9.8 | 6.10:rc1 | 6.10:rc2 | 6.10:rc3 | 6.10:rc4 | 6.10:rc5