CVE-2023-5563: drivers: can: sja1000: a bus-off event can cause a fatal exception

The SJA1000 CAN controller driver backend automatically attempts to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in a call to k_sleep() in IRQ context, which causes a fatal exception.

CVE

Package

No package listed

Affected versions

<= 3.4.0

Description

Summary

The SJA1000 CAN controller driver backend automatically attempts to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in a call to k_sleep() in IRQ context, which causes a fatal exception, as reported in #63712.

Details

Please see details in #63712.

PoC

Please see details in #63712.

Impact

Remotely triggered fatal exception.

Patches

This has been fixed in:

  • main (v3.5 development cycle) #63713
  • 3.4 #63718
  • 3.3 #63717
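
A triage check for the conditions stated above, as an added example that is not part of the advisory or of the Zephyr project's code: it reads a build's Kconfig .config output and the tree's VERSION file and classifies the build. It assumes CONFIG_CAN_SJA1000 is the symbol that marks the SJA1000 backend as built; the function names, result strings and sample inputs are constructed for illustration.

```python
import re

AFFECTED_MAX = (3, 4, 0)  # advisory lists affected versions as <= 3.4.0

# Constructed sample inputs (not taken from a real build tree).
SAMPLE_DOTCONFIG = """\
CONFIG_CAN=y
CONFIG_CAN_SJA1000=y
# CONFIG_CAN_STATS is not set
CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y
"""
SAMPLE_VERSION = """\
VERSION_MAJOR = 3
VERSION_MINOR = 4
PATCHLEVEL = 0
VERSION_TWEAK = 0
EXTRAVERSION =
"""

def parse_dotconfig(text):
    """Map Kconfig symbols to values; '# CONFIG_X is not set' becomes 'n'."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        unset = re.fullmatch(r"# (CONFIG_\w+) is not set", line)
        if unset:
            symbols[unset.group(1)] = "n"
        elif line.startswith("CONFIG_") and "=" in line:
            name, value = line.split("=", 1)
            symbols[name] = value.strip('"')
    return symbols

def parse_version(text):
    """Read (major, minor, patchlevel) from a Zephyr VERSION file."""
    fields = dict(re.findall(r"^(\w+)[ \t]*=[ \t]*(\d+)[ \t]*$", text, re.M))
    return tuple(int(fields[k]) for k in ("VERSION_MAJOR", "VERSION_MINOR", "PATCHLEVEL"))

def triage(dotconfig_text, version_text):
    """Classify a build against the conditions stated in the advisory."""
    cfg = parse_dotconfig(dotconfig_text)
    if cfg.get("CONFIG_CAN_SJA1000") != "y":  # assumed symbol name
        return "sja1000-backend-not-built"
    if cfg.get("CONFIG_CAN_AUTO_BUS_OFF_RECOVERY") != "y":
        return "auto-recovery-disabled"
    if parse_version(version_text) > AFFECTED_MAX:
        return "outside-advisory-range"
    # VERSION cannot show a backport; confirm #63717/#63718 in the tree.
    return "in-range-verify-backport"

if __name__ == "__main__":
    print(triage(SAMPLE_DOTCONFIG, SAMPLE_VERSION))
```

A result of "outside-advisory-range" only means the version is above 3.4.0; a development tree should still be checked for #63713.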
