Bug 2300477 (CVE-2023-52887)

Summary: CVE-2023-52887 kernel: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: dfreiber, drow, jburrell, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel 5.4.279, kernel 5.10.221, kernel 5.15.162, kernel 6.1.97, kernel 6.6.37, kernel 6.9.8, kernel 6.10 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2301652    
Bug Blocks:    

Description OSIDB Bzimport 2024-07-29 16:20:15 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new

This patch enhances error handling in scenarios with RTS (Request to
Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE
backtraces with a new error handling method. This provides clearer error
messages and allows for the early termination of problematic sessions.
Previously, sessions were only released at the end of j1939_xtp_rx_rts().

Potentially this could be reproduced with something like:
testj1939 -r vcan0:0x80 &
while true; do
	# send first RTS
	cansend vcan0 18EC8090#1014000303002301;
	# send second RTS
	cansend vcan0 18EC8090#1014000303002301;
	# send abort
	cansend vcan0 18EC8090#ff00000000002301;
done
Comment 1 Mauro Matteo Cascella 2024-07-30 14:46:57 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024072950-CVE-2023-52887-b839@gregkh/T
Comment 2 Mauro Matteo Cascella 2024-07-30 14:47:18 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2301652]
Comment 7 Rohit Keshri 2024-09-03 14:19:06 UTC 
This flaw should not qualify for a CVE until I miss something CVSS: 0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N