{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23362", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.002Z", "datePublished": "2026-03-25T10:27:45.476Z", "dateUpdated": "2026-05-11T22:05:24.238Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:05:24.238Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: fix locking for bcm_op runtime updates\n\nCommit c2aba69d0c36 (\"can: bcm: add locking for bcm_op runtime updates\")\nadded a locking for some variables that can be modified at runtime when\nupdating the sending bcm_op with a new TX_SETUP command in bcm_tx_setup().\n\nUsually the RX_SETUP only handles and filters incoming traffic with one\nexception: When the RX_RTR_FRAME flag is set a predefined CAN frame is\nsent when a specific RTR frame is received. Therefore the rx bcm_op uses\nbcm_can_tx() which uses the bcm_tx_lock that was only initialized in\nbcm_tx_setup(). Add the missing spin_lock_init() when allocating the\nbcm_op in bcm_rx_setup() to handle the RTR case properly."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/can/bcm.c"], "versions": [{"version": "7595de7bc56e0e52b74e56c90f7e247bf626d628", "lessThan": "0904037e713f787d1376e1d349c3bdf6c3105881", "status": "affected", "versionType": "git"}, {"version": "fbd8fdc2b218e979cfe422b139b8f74c12419d1f", "lessThan": "c85b96eaf766d8f066b1139a17a51efa2f6627ef", "status": "affected", "versionType": "git"}, {"version": "2a437b86ac5a9893c902f30ef66815bf13587bf6", "lessThan": "800f26f11ae37b17f58e0001f28a47dd75c26557", "status": "affected", "versionType": "git"}, {"version": "76c84c3728178b2d38d5604e399dfe8b0752645e", "lessThan": "70e951afad4c025261fe3c952d2b07237e320a01", "status": "affected", "versionType": "git"}, {"version": "cc55dd28c20a6611e30596019b3b2f636819a4c0", "lessThan": "8bcf2d847adb82b2c617456f6da17ac5e6c75285", "status": "affected", "versionType": "git"}, {"version": "c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7", "lessThan": "8215ba7bc99e84e66fd6938874ec4330a9d96518", "status": "affected", "versionType": "git"}, {"version": "c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7", "lessThan": "f0c349b2c21b220af5ba19f29b885e222958d796", "status": "affected", "versionType": "git"}, {"version": "c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7", "lessThan": "c35636e91e392e1540949bbc67932167cb48bc3a", "status": "affected", "versionType": "git"}, {"version": "8f1c022541bf5a923c8d6fa483112c15250f30a4", "status": "affected", "versionType": "git"}, {"version": "c4e8a172501e677ebd8ea9d9161d97dc4df56fbd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/can/bcm.c"], "versions": [{"version": "6.15", "status": "affected"}, {"version": "0", "lessThan": "6.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.238", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.185", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.141", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.93", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.31", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "7.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.294"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0904037e713f787d1376e1d349c3bdf6c3105881"}, {"url": "https://git.kernel.org/stable/c/c85b96eaf766d8f066b1139a17a51efa2f6627ef"}, {"url": "https://git.kernel.org/stable/c/800f26f11ae37b17f58e0001f28a47dd75c26557"}, {"url": "https://git.kernel.org/stable/c/70e951afad4c025261fe3c952d2b07237e320a01"}, {"url": "https://git.kernel.org/stable/c/8bcf2d847adb82b2c617456f6da17ac5e6c75285"}, {"url": "https://git.kernel.org/stable/c/8215ba7bc99e84e66fd6938874ec4330a9d96518"}, {"url": "https://git.kernel.org/stable/c/f0c349b2c21b220af5ba19f29b885e222958d796"}, {"url": "https://git.kernel.org/stable/c/c35636e91e392e1540949bbc67932167cb48bc3a"}], "title": "can: bcm: fix locking for bcm_op runtime updates", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBD5FA06-25ED-4FE0-8604-5BDB21C9E729", "versionEndExcluding": "5.5", "versionStartIncluding": "5.4.294", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A912012-AE04-49B5-94AE-E2993987B0A0", "versionEndExcluding": "5.10.253", "versionStartIncluding": "5.10.238", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6ED5CCA-6E0F-40E1-AF6E-3A57BA54098B", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.15.185", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDD1D8B2-20FE-40AF-A5EA-5169157150FB", "versionEndExcluding": "6.1.167", "versionStartIncluding": "6.1.141", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "17AE9DB4-4F5D-4FE8-918B-4F6A140B0F5F", "versionEndExcluding": "6.6.130", "versionStartIncluding": "6.6.93", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "74174A81-0BA7-4DEF-A10F-237324F0939A", "versionEndExcluding": "6.12.77", "versionStartIncluding": "6.12.31", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2932EEA2-2EDB-4FE6-9BF4-C1F90FF22950", "versionEndExcluding": "6.15", "versionStartIncluding": "6.14.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D191BA48-F88E-41E8-9D62-4614C423FFA2", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.15.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:-:*:*:*:*:*:*", "matchCriteriaId": "A1ECC65A-EE37-4479-8E99-4BB68A22A31F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: fix locking for bcm_op runtime updates\n\nCommit c2aba69d0c36 (\"can: bcm: add locking for bcm_op runtime updates\")\nadded a locking for some variables that can be modified at runtime when\nupdating the sending bcm_op with a new TX_SETUP command in bcm_tx_setup().\n\nUsually the RX_SETUP only handles and filters incoming traffic with one\nexception: When the RX_RTR_FRAME flag is set a predefined CAN frame is\nsent when a specific RTR frame is received. Therefore the rx bcm_op uses\nbcm_can_tx() which uses the bcm_tx_lock that was only initialized in\nbcm_tx_setup(). Add the missing spin_lock_init() when allocating the\nbcm_op in bcm_rx_setup() to handle the RTR case properly."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ncan: bcm: corregir el bloqueo para las actualizaciones en tiempo de ejecuci\u00f3n de bcm_op\n\nEl commit c2aba69d0c36 ('can: bcm: a\u00f1adir bloqueo para las actualizaciones en tiempo de ejecuci\u00f3n de bcm_op') a\u00f1adi\u00f3 un bloqueo para algunas variables que pueden ser modificadas en tiempo de ejecuci\u00f3n al actualizar el bcm_op de env\u00edo con un nuevo comando TX_SETUP en bcm_tx_setup().\n\nNormalmente, el RX_SETUP solo maneja y filtra el tr\u00e1fico entrante con una excepci\u00f3n: Cuando la bandera RX_RTR_FRAME est\u00e1 establecida, se env\u00eda una trama CAN predefinida cuando se recibe una trama RTR espec\u00edfica. Por lo tanto, el bcm_op de rx usa bcm_can_tx() que usa el bcm_tx_lock que solo fue inicializado en bcm_tx_setup(). A\u00f1adir el spin_lock_init() faltante al asignar el bcm_op en bcm_rx_setup() para manejar el caso RTR correctamente."}], "id": "CVE-2026-23362", "lastModified": "2026-04-24T18:21:28.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T11:16:35.220", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0904037e713f787d1376e1d349c3bdf6c3105881"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/70e951afad4c025261fe3c952d2b07237e320a01"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/800f26f11ae37b17f58e0001f28a47dd75c26557"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8215ba7bc99e84e66fd6938874ec4330a9d96518"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8bcf2d847adb82b2c617456f6da17ac5e6c75285"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c35636e91e392e1540949bbc67932167cb48bc3a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c85b96eaf766d8f066b1139a17a51efa2f6627ef"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f0c349b2c21b220af5ba19f29b885e222958d796"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: can: bcm: fix locking for bcm_op runtime updates", "id": "2451256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451256"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-909", "details": ["A flaw was found in the Linux kernel's Controller Area Network (CAN) Broadcast Manager (BCM) module. When the RX_RTR_FRAME flag is set and a specific Remote Transmission Request (RTR) frame is received, the bcm_tx_lock was not properly initialized in the bcm_rx_setup() function. This missing initialization of the lock could lead to a race condition, potentially allowing a local attacker to cause a Denial of Service (DoS) by triggering system instability."], "name": "CVE-2026-23362", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23362\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23362\nhttps://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23362-40bd@gregkh/T"], "statement": "This flaw affects systems using CAN bus with the BCM (Broadcast Manager) socket. The missing spin_lock_init() for bcm_tx_lock in bcm_rx_setup() causes issues when RX_RTR_FRAME is used, as bcm_can_tx() accesses the uninitialized lock. Requires CAN interface and BCM socket usage with RTR frames.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2a437b86ac5a9893c902f30ef66815bf13587bf6,800f26f11ae37b17f58e0001f28a47dd75c26557)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[76c84c3728178b2d38d5604e399dfe8b0752645e,70e951afad4c025261fe3c952d2b07237e320a01)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[cc55dd28c20a6611e30596019b3b2f636819a4c0,8bcf2d847adb82b2c617456f6da17ac5e6c75285)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7,8215ba7bc99e84e66fd6938874ec4330a9d96518)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7,f0c349b2c21b220af5ba19f29b885e222958d796)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7,c35636e91e392e1540949bbc67932167cb48bc3a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "8f1c022541bf5a923c8d6fa483112c15250f30a4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "7595de7bc56e0e52b74e56c90f7e247bf626d628"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "fbd8fdc2b218e979cfe422b139b8f74c12419d1f"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "c4e8a172501e677ebd8ea9d9161d97dc4df56fbd"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.15"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.15)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T17:04:12.788885+00:00", "value": {"mitigation_remediation": ["Apply a kernel update that includes commit c2aba69d0c36 (or a later patch that addresses CVE-2026-23362).", "Restrict user access to the CAN device nodes to prevent unprivileged or untrusted applications from triggering the race condition.", "Monitor kernel logs (dmesg, journalctl) for signs of CAN driver instability or repeated errors related to bcm_op."], "summary": {"action": "Update Kernel", "impact": "Kernel instability due to race condition in CAN bus driver"}, "threat_synthesis": {"affected_systems": "All Linux kernel distributions that ship a bcm driver version prior to the patch identified by commit c2aba69d0c36 are affected. The CNA lists the generic vendor/product pair Linux:Linux, and no specific kernel release numbers are provided, so any kernel prior to the application of this commit would be vulnerable. Users of embedded systems, automotive platforms, or other environments that utilize the CAN bus through the bcm driver may be impacted.", "description_and_impact": "An improper initialization of a spin lock in the Linux kernel\u2019s CAN bus (bcm) driver can create a race condition when updating bcm_op structures with TX_SETUP commands. If the lock is omitted, concurrent access to the bcm_op may result in corrupted CAN frame configuration or stale data being transmitted, which can compromise the integrity of CAN traffic and potentially crash the kernel. This flaw does not directly expose sensitive data but can lead to inconsistent device behaviour or denial of service for applications relying on the CAN interface.", "risk_and_exploitability": "The vulnerability receives a CVSS base score of 5.5 indicating moderate severity, while the EPSS score is below 1% suggesting a low likelihood of exploitation. It is not included in the CISA KEV catalog, implying no known widespread exploitation. Attack exploitation is likely limited to local privileged users with access to the CAN device because no remote network vector is documented. Once patched, the risk is mitigated; before patching, a malicious local process could manipulate CAN traffic or cause instability, but no public exploits are known."}}}}, "created": "2026-03-25T21:31:53.796088+00:00", "updated": "2026-04-28T17:15:21.235158+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}