References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

can: ucan: Fix infinite loop from zero-length messages

If a broken ucan device gets a message with the message length field set
to 0, then the driver will loop for forever in
ucan_read_bulk_callback(), hanging the system.  If the length is 0, just
skip the message and go on to the next one.

This has been fixed in the kvaser_usb driver in the past in commit
0c73772cd2b8 ("can: kvaser_usb: leaf: Fix potential infinite loop in
command parsers"), so there must be some broken devices out there like
this somewhere.

https://git.kernel.org/stable/c/13b646eec3ba1131180803f5aaf1fee23540ad8f

https://git.kernel.org/stable/c/1e446fd0582ad8be9f6dafb115fc2e7245f9bea7

https://git.kernel.org/stable/c/aa9e0a7fe5efc2f74327fd37d828e9a51d9ff588

https://git.kernel.org/stable/c/ab6f075492d37368b4c7b0df7f7fdc2b666887fc

https://git.kernel.org/stable/c/bd85f21a6219aeae4389d700c54f1799f4b814e0

https://git.kernel.org/stable/c/c7bc62be6c1a60bb21301692009590b1ffda91d9