VDB

CVE-2026-23298

CVE-2026-23298 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucan_read_bulk_callback(), hanging the system. If the length is 0, just skip the message and go on to the next one. This has been fixed in the kvaser_usb driver in the past in commit 0c73772cd2b8 ("can: kvaser_usb: leaf: Fix potential infinite loop in command parsers"), so there must be some broken devices out there like this somewhere.

EPSS 0.03% · 9.5th percentile

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.03%
9.5th percentile

Affected Products

VendorProductVersions
LinuxLinux7.0, 6.19.7, *
linuxlinux_kernel4.19, 4.19, 4.19

Timeline

  • Mar 25, 2026 EPSS Score
  • Mar 25, 2026 Coalition ESS Score
  • Mar 25, 2026 CVE Published
  • Mar 29, 2026 Security Advisory
  • Mar 29, 2026 PoC Published
  • Mar 31, 2026 Security Advisory
  • Mar 31, 2026 Security Advisory
  • Mar 31, 2026 Security Advisory
  • Mar 31, 2026 Security Advisory
  • Mar 31, 2026 Security Advisory
  • Mar 31, 2026 Security Advisory
  • Mar 31, 2026 Security Advisory

References

…and 135 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›