CVE-2023-5563Improper Check or Handling of Exceptional Conditions in Zephyr

CWE-703Improper Check or Handling of Exceptional Conditions2 documents2 sources
Severity
7.5HIGHNVD
CNA7.1
EPSS
0.2%
top 59.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zephyrproject-rtos ZephyrZephyrproject Zephyr
Timeline
Latest updateOct 12
PublishedOct 13

Description

The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5zephyrproject-rtos/zephyr3.33.4

🔴Vulnerability Details

1
CVEList
CVE-2023-5563: The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y2023-10-12
CVE-2023-5563 — Zephyrproject-rtos Zephyr vulnerability | cvebase