Skip to main content

Linux EUVDEUVD-2026-15332

| CVE-2026-23357 MEDIUM
Improper Locking (CWE-667)
2026-03-25 Linux GHSA-f94p-fcww-cpfj
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 24, 2026 - 19:07 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15332
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

can: mcp251x: fix deadlock in error path of mcp251x_open

The mcp251x_open() function call free_irq() in its error path with the mpc_lock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpc_lock and free_irq() will deadlock waiting for the handler to finish.

This issue is similar to the one fixed in commit 7dd9c26bd6cf ("can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open") but for the error path.

To solve this issue move the call to free_irq() after the lock is released. Setting priv->force_quit = 1 beforehand ensure that the IRQ handler will exit right away once it acquired the lock.

AnalysisAI

A deadlock vulnerability exists in the Linux kernel's mcp251x CAN bus driver where the mcp251x_open() function calls free_irq() while holding the mpc_lock mutex during error handling, causing the function to deadlock if an interrupt occurs simultaneously. This affects all Linux kernel versions with the vulnerable mcp251x driver code, and while not actively exploited in the wild (no KEV status indicates no in-the-wild exploitation), it represents a local denial of service condition where a user with appropriate device access can trigger driver initialization failures that hang the system.

Technical ContextAI

The mcp251x is a CAN (Controller Area Network) bus driver in the Linux kernel responsible for managing Microchip MCP2515 and related CAN controller chips. The vulnerability is rooted in classic synchronization logic error (CWE-910: Use of Insufficiently Trusted Source, related to improper lock management during exception paths): the error handling path in mcp251x_open() acquires mpc_lock, then calls free_irq() while holding that lock. If an interrupt fires during this window, the interrupt handler attempts to acquire the same mutex, creating a circular wait condition. The CPE cpe:2.3:a:linux:linux identifies all Linux kernel versions as affected. This mirrors a previously fixed issue (commit 7dd9c26bd6cf) but in the error cleanup path rather than the normal open path.

RemediationAI

Update the Linux kernel to a version containing the mcp251x deadlock fix (available in multiple stable branches via the referenced git commits at https://git.kernel.org/stable/). The primary fix involves moving the free_irq() call outside the mpc_lock mutex critical section and setting priv->force_quit = 1 before releasing the lock, allowing the interrupt handler to exit cleanly if it acquires the lock after free_irq() begins execution. Until kernel patching is completed, avoid triggering mcp251x device initialization during high-frequency interrupt activity or during device removal; disable the mcp251x driver module if the hardware is not in use. Consult your Linux distribution (Fedora, Ubuntu, Red Hat, Debian, etc.) for backported kernel updates addressing CVE-2026-23357.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15332 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy