PT-2024-14772 · Linux+5 · Linux Kernel+5

Published: 2023-11-17 · Updated: 2025-02-03


CVE-2023-52887

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue concerns enhanced error handling for tightly received RTS (Request to Send) messages in the xtp_rx_rts_session_new function of the Linux kernel's j1939 module. It replaces less informative error backtraces with a new method, providing clearer error messages and allowing for the early termination of problematic sessions. Previously, sessions were only released at the end of j1939_xtp_rx_rts(). The issue could potentially be reproduced by sending closely timed RTS messages and an abort message.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Assertion Failure

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-02534
CVE-2023-52887
DLA-4008-1
OESA-2024-1961
OESA-2024-1962
OESA-2024-1964
OESA-2025-1078
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7003-1
USN-7003-2
USN-7003-3
USN-7003-4
USN-7003-5
USN-7006-1
USN-7007-1
USN-7007-2
USN-7007-3
USN-7009-1
USN-7009-2
USN-7019-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu