PT-2026-27663 · Linux · Linux

Published 2026-03-25 · Updated 2026-03-25 · CVE-2026-23298

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
can: ucan: Fix infinite loop from zero-length messages
If a broken ucan device gets a message with the message length field set to 0, then the driver will loop forever in ucan_read_bulk_callback(), hanging the system. If the length is 0, just skip the message and go on to the next one.
This has been fixed in the kvaser_usb driver in the past in commit 0c73772cd2b8 ("can: kvaser_usb: leaf: Fix potential infinite loop in command parsers"), so there must be some broken devices out there like this somewhere.
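The failure mode described above, as an added user-space illustration that is not the kernel driver's code: a walk over length-prefixed records where a zero length leaves the position unchanged, next to a walk that always makes forward progress. The record layout (little-endian 16-bit length that counts the 4-byte header, 4-byte alignment), the choice to skip one header-sized slot, and all names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define HDR_SIZE 4u  /* assumed layout: le16 len, u8 type, u8 subtype */
#define ALIGN4(x) (((x) + 3u) & ~(size_t)3u)

/* Position update of a naive parser: advance by the device-supplied length. */
static size_t next_pos_unchecked(size_t pos, uint16_t len)
{
    return ALIGN4(pos + len);  /* len == 0 on an aligned pos returns pos: no progress */
}

/* Hardened walk: every iteration either stops or moves pos forward. */
static int parse_records(const uint8_t *buf, size_t n, int *skipped)
{
    size_t pos = 0;
    int handled = 0;
    *skipped = 0;
    while (pos < n) {
        if (n - pos < HDR_SIZE)            /* truncated header: stop */
            break;
        uint16_t len = (uint16_t)(buf[pos] | (buf[pos + 1] << 8));
        if (len < HDR_SIZE) {              /* covers len == 0: skip this slot */
            (*skipped)++;
            pos += HDR_SIZE;
            continue;
        }
        if (n - pos < len)                 /* length runs past the buffer: stop */
            break;
        handled++;                         /* a real driver would dispatch on type here */
        pos = ALIGN4(pos + len);
    }
    return handled;
}

/* Constructed sample: an 8-byte record, a zero-length record, a 4-byte record. */
static const uint8_t sample[] = {
    0x08, 0x00, 0x01, 0x00, 0xde, 0xad, 0xbe, 0xef,
    0x00, 0x00, 0x01, 0x00,
    0x04, 0x00, 0x02, 0x00,
};

int main(void)
{
    int skipped;
    int handled = parse_records(sample, sizeof(sample), &skipped);
    printf("handled=%d skipped=%d naive next pos from 8 with len 0: %zu\n",
           handled, skipped, next_pos_unchecked(8, 0));
    return 0;
}
```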

Related Identifiers

CVE-2026-23298

Affected Products

Linux