VDB

DEBIAN-CVE-2026-23362

DEBIAN-CVE-2026-23362 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcm_op runtime updates Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates") added a locking for some variables that can be modified at runtime when updating the sending bcm_op with a new TX_SETUP command in bcm_tx_setup(). Usually the RX_SETUP only handles and filters incoming traffic with one exception: When the RX_RTR_FRAME flag is set a predefined CAN frame is sent when a specific RTR frame is received. Therefore the rx bcm_op uses bcm_can_tx() which uses the bcm_tx_lock that was only initialized in bcm_tx_setup(). Add the missing spin_lock_init() when allocating the bcm_op in bcm_rx_setup() to handle the RTR case properly.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:11linux-6.16.1.164-1, 6.1.162-1, 6.1.159-1
Debian:12linux6.12.9-1~bpo12+1, 6.12~rc6-1~exp1, 6.13.10-1~exp1
Debian:13linux6.12.43-1~bpo12+1, 6.12.41-1, 6.12.38-1
Debian:14linux6.13.3-1, 6.13.4-1, 6.13.5-1
Debian:11linux6.1.38-2, 6.1.38-3, 6.1.38-4

Exploit Intelligence

Timeline

  • Mar 25, 2026 CVE Published
  • May 2, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›