CVE-2026-23362

EUVD-2026-15342
In the Linux kernel, the following vulnerability has been resolved:

can: bcm: fix locking for bcm_op runtime updates

Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates")
added a locking for some variables that can be modified at runtime when
updating the sending bcm_op with a new TX_SETUP command in bcm_tx_setup().

Usually the RX_SETUP only handles and filters incoming traffic with one
exception: When the RX_RTR_FRAME flag is set a predefined CAN frame is
sent when a specific RTR frame is received. Therefore the rx bcm_op uses
bcm_can_tx() which uses the bcm_tx_lock that was only initialized in
bcm_tx_setup(). Add the missing spin_lock_init() when allocating the
bcm_op in bcm_rx_setup() to handle the RTR case properly.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.4.294 ≤
𝑥
< 5.5
linuxlinux_kernel
5.10.238 ≤
𝑥
< 5.10.253
linuxlinux_kernel
5.15.185 ≤
𝑥
< 5.15.203
linuxlinux_kernel
6.1.141 ≤
𝑥
< 6.1.167
linuxlinux_kernel
6.6.93 ≤
𝑥
< 6.6.130
linuxlinux_kernel
6.12.31 ≤
𝑥
< 6.12.77
linuxlinux_kernel
6.14.9 ≤
𝑥
< 6.15
linuxlinux_kernel
6.15.1 ≤
𝑥
< 6.18.17
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.7
linuxlinux_kernel
6.15
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
linuxlinux_kernel
7.0:rc5
linuxlinux_kernel
7.0:rc6
linuxlinux_kernel
7.0:rc7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
6.1.170-3
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.4-1
fixed
sid
7.0.4-1
fixed
trixie
vulnerable
trixie (security)
6.12.86-1
fixed
linux-6.1
bullseye (security)
6.1.170-3~deb11u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 12 SP5
4.12.14-122.299.1
fixed
dlm-kmp-default
suse enterprise server 12 SP5
4.12.14-122.299.1
fixed
gfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.299.1
fixed
kernel-default
suse enterprise server 12 SP5
4.12.14-122.299.1
fixed
kernel-default-base
suse enterprise server 12 SP5
4.12.14-122.299.1
fixed
kernel-default-man
suse enterprise server 12 SP5
4.12.14-122.299.1
fixed
kernel-macros
suse enterprise server 12 SP5
4.12.14-122.299.1
fixed
kernel-source
suse enterprise server 12 SP5
4.12.14-122.299.1
fixed
kernel-syms
suse enterprise server 12 SP5
4.12.14-122.299.1
fixed
ocfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.299.1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/0904037e713f787d1376e1d349c3bdf6c3105881
https://git.kernel.org/stable/c/70e951afad4c025261fe3c952d2b07237e320a01
https://git.kernel.org/stable/c/800f26f11ae37b17f58e0001f28a47dd75c26557
https://git.kernel.org/stable/c/8215ba7bc99e84e66fd6938874ec4330a9d96518
https://git.kernel.org/stable/c/8bcf2d847adb82b2c617456f6da17ac5e6c75285
https://git.kernel.org/stable/c/c35636e91e392e1540949bbc67932167cb48bc3a
https://git.kernel.org/stable/c/c85b96eaf766d8f066b1139a17a51efa2f6627ef
https://git.kernel.org/stable/c/f0c349b2c21b220af5ba19f29b885e222958d796