CVE-2023-54152
Description
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: prevent deadlock by moving j1939_sk_errqueue()
This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfer and subscribing to the error queue while receiving a net down event. The deadlock involves locks in the following order:
3 j1939_session_list_lock -> active_session_list_lock j1939_session_activate ... j1939_sk_queue_activate_next -> sk_session_queue_lock ... j1939_xtp_rx_eoma_one
2 j1939_sk_queue_drop_all -> sk_session_queue_lock ... j1939_sk_netdev_event_netdown -> j1939_socks_lock j1939_netdev_notify
1 j1939_sk_errqueue -> j1939_socks_lock __j1939_session_cancel -> active_session_list_lock j1939_tp_rxtimer
CPU0 CPU1 ---- ---- lock(&priv->active_session_list_lock); lock(&jsk->sk_session_queue_lock); lock(&priv->active_session_list_lock); lock(&priv->j1939_socks_lock);
The solution implemented in this commit is to move the j1939_sk_errqueue() call out of the active_session_list_lock context, thus preventing the deadlock situation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A deadlock in the Linux kernel panic in Linux CAN J1939 subsystem when data TP/ETP transfer and error queue subscription coincide with a net down event.
Vulnerability
Overview
CVE-2023-54152 is a deadlock vulnerability in the Linux kernel's CAN (Controller Area Network) J1939 protocol implementation. The root cause is a circular lock dependency that can be triggered when a J1939 session is active (e.g., during data TP/ETP transfer) and a user-space application subscribes to the error queue while a network interface down event occurs. The deadlock involves three locks: active_session_list_lock, sk_session_queue_lock, and j1939_socks_lock, which can be acquired in conflicting orders on different CPUs [1].
Exploitation
Conditions
An attacker would need to be able to trigger a net down event on a CAN interface while a J1939 data transfer session is in progress and a process(es) have subscribed to the error queue. This scenario can occur locally on a system using the J1939 protocol stack. No special privileges beyond the ability to send CAN frames and manage network interfaces are required, but the attack surface is limited to systems with the J1939 module loaded and active sessions [1].
Impact
Impact
If the deadlock is triggered, the kernel enters a state where affected processes hang indefinitely, leading to a denial of service (DoS) on the system. The deadlock can cause a system hang or panic, making the machine unavailable. There is no evidence of memory corruption or privilege escalation from this bug [1].
Mitigation
The fix, committed in kernel stable tree commit f09ce9d765de, moves the j1939_sk_errqueue() call outside the active_session_list_lock context, breaking the circular lock chain. Users should apply the latest stable kernel updates that include this patch. No workaround is available other than avoiding the specific combination of operations (e.g., not subscribing to error queue subscription during active sessions) [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
48a581b71cf68ace6aa2ab5baf09ce9d765ded1366b283d94Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.