PT-2023-32178 · Unknown · Sja1000 Can Controller Driver Backend

Henrikbrixandersen · Published 2023-10-12 · Updated 2023-10-18 · CVE-2023-5563

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SJA1000 CAN controller driver backend (affected versions not specified)

Description

The issue arises when the SJA1000 CAN controller driver backend is built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y, causing it to automatically attempt to recover from a bus-off event. This results in calling k_sleep() in IRQ context, leading to a fatal exception.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2023-5563
GHSA-98MC-RJ7W-7RPV

Affected Products

Sja1000 Can Controller Driver Backend