| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122426-CVE-2023-54152-5e4f@gregkh>
Date: Wed, 24 Dec 2025 14:07:49 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-54152: can: j1939: prevent deadlock by moving j1939_sk_errqueue()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: prevent deadlock by moving j1939_sk_errqueue()
This commit addresses a deadlock situation that can occur in certain
scenarios, such as when running data TP/ETP transfer and subscribing to
the error queue while receiving a net down event. The deadlock involves
locks in the following order:
3
j1939_session_list_lock -> active_session_list_lock
j1939_session_activate
...
j1939_sk_queue_activate_next -> sk_session_queue_lock
...
j1939_xtp_rx_eoma_one
2
j1939_sk_queue_drop_all -> sk_session_queue_lock
...
j1939_sk_netdev_event_netdown -> j1939_socks_lock
j1939_netdev_notify
1
j1939_sk_errqueue -> j1939_socks_lock
__j1939_session_cancel -> active_session_list_lock
j1939_tp_rxtimer
CPU0 CPU1
---- ----
lock(&priv->active_session_list_lock);
lock(&jsk->sk_session_queue_lock);
lock(&priv->active_session_list_lock);
lock(&priv->j1939_socks_lock);
The solution implemented in this commit is to move the
j1939_sk_errqueue() call out of the active_session_list_lock context,
thus preventing the deadlock situation.
The Linux kernel CVE team has assigned CVE-2023-54152 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.15 with commit 5b9272e93f2efe3f6cda60cc2c26817b2ce49386 and fixed in 5.15.106 with commit 8a581b71cf686b4cd1a85c9c2dfc2fb88382c3b4
Issue introduced in 5.15 with commit 5b9272e93f2efe3f6cda60cc2c26817b2ce49386 and fixed in 6.1.23 with commit ace6aa2ab5ba5869563ca689bbd912100514ae7b
Issue introduced in 5.15 with commit 5b9272e93f2efe3f6cda60cc2c26817b2ce49386 and fixed in 6.2.10 with commit f09ce9d765de1f064ce3919f57c6beb061744784
Issue introduced in 5.15 with commit 5b9272e93f2efe3f6cda60cc2c26817b2ce49386 and fixed in 6.3 with commit d1366b283d94ac4537a4b3a1e8668da4df7ce7e9
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-54152
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
net/can/j1939/transport.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/8a581b71cf686b4cd1a85c9c2dfc2fb88382c3b4
https://git.kernel.org/stable/c/ace6aa2ab5ba5869563ca689bbd912100514ae7b
https://git.kernel.org/stable/c/f09ce9d765de1f064ce3919f57c6beb061744784
https://git.kernel.org/stable/c/d1366b283d94ac4537a4b3a1e8668da4df7ce7e9
Powered by blists - more mailing lists