Description
In the Linux kernel, the following vulnerability has been resolved:

can: bcm: fix locking for bcm_op runtime updates

Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates")
added a locking for some variables that can be modified at runtime when
updating the sending bcm_op with a new TX_SETUP command in bcm_tx_setup().

Usually the RX_SETUP only handles and filters incoming traffic with one
exception: When the RX_RTR_FRAME flag is set a predefined CAN frame is
sent when a specific RTR frame is received. Therefore the rx bcm_op uses
bcm_can_tx() which uses the bcm_tx_lock that was only initialized in
bcm_tx_setup(). Add the missing spin_lock_init() when allocating the
bcm_op in bcm_rx_setup() to handle the RTR case properly.
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel instability due to race condition in CAN bus driver
Action: Update Kernel
AI Analysis

Impact

An improper initialization of a spin lock in the Linux kernel’s CAN bus (bcm) driver can create a race condition when updating bcm_op structures with TX_SETUP commands. If the lock is omitted, concurrent access to the bcm_op may result in corrupted CAN frame configuration or stale data being transmitted, which can compromise the integrity of CAN traffic and potentially crash the kernel. This flaw does not directly expose sensitive data but can lead to inconsistent device behaviour or denial‑of‑service for applications relying on the CAN interface.

Affected Systems

All Linux kernel distributions that ship a bcm driver version prior to the patch identified by commit c2aba69d0c36 are affected. The CNA lists the generic vendor/product pair Linux:Linux, and no specific kernel release numbers are provided, so any kernel prior to the application of this commit would be vulnerable. Users of embedded systems, automotive platforms, or other environments that utilize the CAN bus through the bcm driver may be impacted.

Risk and Exploitability

The vulnerability receives a CVSS base score of 5.5 indicating moderate severity, while the EPSS score is below 1% suggesting a low likelihood of exploitation. It is not included in the CISA KEV catalog, implying no known widespread exploitation. Attack exploitation is likely limited to local privileged users with access to the CAN device because no remote network vector is documented. Once patched, the risk is mitigated; before patching, a malicious local process could manipulate CAN traffic or cause instability, but no public exploits are known.

Generated by OpenCVE AI on March 26, 2026 at 14:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes commit c2aba69d0c36 (or a later patch that addresses CVE‑2026‑23362).
  • Verify that all CAN bus drivers on the system have been updated to the patched version.
  • Restrict user access to the CAN device nodes to prevent unprivileged or untrusted applications from triggering the race condition.
  • Monitor kernel logs (dmesg, journalctl) for signs of CAN driver instability or repeated errors related to bcm_op.
  • If updating is not yet possible, consider disabling or isolating the CAN interface until the patch can be applied.

Generated by OpenCVE AI on March 26, 2026 at 14:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
References

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-909
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcm_op runtime updates Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates") added a locking for some variables that can be modified at runtime when updating the sending bcm_op with a new TX_SETUP command in bcm_tx_setup(). Usually the RX_SETUP only handles and filters incoming traffic with one exception: When the RX_RTR_FRAME flag is set a predefined CAN frame is sent when a specific RTR frame is received. Therefore the rx bcm_op uses bcm_can_tx() which uses the bcm_tx_lock that was only initialized in bcm_tx_setup(). Add the missing spin_lock_init() when allocating the bcm_op in bcm_rx_setup() to handle the RTR case properly.
Title can: bcm: fix locking for bcm_op runtime updates
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-18T08:58:12.167Z

Reserved: 2026-01-13T15:37:46.002Z

Link: CVE-2026-23362

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T11:16:35.220

Modified: 2026-04-18T09:16:21.250

Link: CVE-2026-23362

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23362 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:49:15Z

Weaknesses