CVE - CVE-2023-52638

CVE-ID
CVE-2023-52638	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock The following 3 locks would race against each other, causing the deadlock situation in the Syzbot bug report: - j1939_socks_lock - active_session_list_lock - sk_session_queue_lock A reasonable fix is to change j1939_socks_lock to an rwlock, since in the rare situations where a write lock is required for the linked list that j1939_socks_lock is protecting, the code does not attempt to acquire any more locks. This would break the circular lock dependency, where, for example, the current thread already locks j1939_socks_lock and attempts to acquire sk_session_queue_lock, and at the same time, another thread attempts to acquire j1939_socks_lock while holding sk_session_queue_lock. NOTE: This patch along does not fix the unregister_netdevice bug reported by Syzbot; instead, it solves a deadlock situation to prepare for one or more further patches to actually fix the Syzbot bug, which appears to be a reference counting problem within the j1939 codebase. [mkl: remove unrelated newline change]
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/03358aba991668d3bb2c65b3c82aa32c36851170 URL:https://git.kernel.org/stable/c/03358aba991668d3bb2c65b3c82aa32c36851170 MISC:https://git.kernel.org/stable/c/26dfe112ec2e95fe0099681f6aec33da13c2dd8e URL:https://git.kernel.org/stable/c/26dfe112ec2e95fe0099681f6aec33da13c2dd8e MISC:https://git.kernel.org/stable/c/559b6322f9480bff68cfa98d108991e945a4f284 URL:https://git.kernel.org/stable/c/559b6322f9480bff68cfa98d108991e945a4f284 MISC:https://git.kernel.org/stable/c/6cdedc18ba7b9dacc36466e27e3267d201948c8d URL:https://git.kernel.org/stable/c/6cdedc18ba7b9dacc36466e27e3267d201948c8d MISC:https://git.kernel.org/stable/c/aedda066d717a0b4335d7e0a00b2e3a61e40afcf URL:https://git.kernel.org/stable/c/aedda066d717a0b4335d7e0a00b2e3a61e40afcf
Assigning CNA
kernel.org
Date Record Created
20240306	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240306)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)