Vitor Soares

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue occurs when the `mcp251xfd start xmit()` function fails, causing the driver to stop processing messages and the interrupt routine to run indefinitely. This can happen when multiple devices share the same SPI interface and there is concurrent access to the bus. The problem is due to `tx ring->head` incrementing even if `mcp251xfd start xmit()` fails, resulting in the driver skipping one TX package while expecting a response in `mcp251xfd handle tefif one()`. Error messages are generated, including `[ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd start xmit: -16` and `[ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty`. The issue can be resolved by starting a workqueue to write the tx obj synchronously if `err = -EBUSY`, and in case of another error, decrementing `tx ring->head`, removing `skb` from the echo stack, and dropping the message. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.