CVE-2026-23298

can: ucan: Fix infinite loop from zero-length messages

Description

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucan_read_bulk_callback(), hanging the system. If the length is 0, just skip the message and go on to the next one. This has been fixed in the kvaser_usb driver in the past in commit 0c73772cd2b8 ("can: kvaser_usb: leaf: Fix potential infinite loop in command parsers"), so there must be some broken devices out there like this somewhere.

INFO

Published Date :

2026-03-25T10:26:54.830Z

Last Modified :

2026-04-18T08:57:46.166Z

Source :

Linux

AFFECTED PRODUCTS

The following products are affected by CVE-2026-23298 vulnerability.

Vendors	Products
Linux	Linux Kernel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23298.

URL	Resource
https://git.kernel.org/stable/c/13b646eec3ba1131180803f5aaf1fee23540ad8f
https://git.kernel.org/stable/c/1e446fd0582ad8be9f6dafb115fc2e7245f9bea7
https://git.kernel.org/stable/c/aa9e0a7fe5efc2f74327fd37d828e9a51d9ff588
https://git.kernel.org/stable/c/ab6f075492d37368b4c7b0df7f7fdc2b666887fc
https://git.kernel.org/stable/c/bd85f21a6219aeae4389d700c54f1799f4b814e0
https://git.kernel.org/stable/c/c7bc62be6c1a60bb21301692009590b1ffda91d9
https://git.kernel.org/stable/c/ca07d3c6eef14d34e6fdeefe55058db045be29dc
https://git.kernel.org/stable/c/e7bb6e0606b5f233531aaaad9542d69fbb792115
https://lore.kernel.org/linux-cve-announce/2026032526-CVE-2026-23298-fad9@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23298
https://www.cve.org/CVERecord?id=CVE-2026-23298

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact