CVE-2026-23298

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: ucan: Fix infinite loop from zero-length messages

If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucan_read_bulk_callback(), hanging the system. If the length is 0, just skip the message and go on to the next one.

This has been fixed in the kvaser_usb driver in the past in commit 0c73772cd2b8 ("can: kvaser_usb: leaf: Fix potential infinite loop in command parsers"), so there must be some broken devices out there like this somewhere.

EPSS Score: 0.00123 (0.024)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - redhat

Unchecked Input for Loop Condition


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in