CVE-2026-23298Unchecked Input for Loop Condition in Linux

CWE-606Unchecked Input for Loop Condition8 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucan_read_bulk_callback(), hanging the system. If the length is 0, just skip the message and go on to the next one. This has been fixed in the kvaser_usb driver in the past in commit 0c73772cd2b8 ("can: kvaser_usb: leaf: Fix potential infinite loop in co

Affected Packages5 packages

Linuxlinux/linux_kernel4.19.06.1.167+4
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux9f2d3eae88d26c29d96e42983b755940d9169cd9ab6f075492d37368b4c7b0df7f7fdc2b666887fc+6
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
can: ucan: Fix infinite loop from zero-length messages2026-03-25
GHSA
GHSA-v7rc-q48q-f2p3: In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device g2026-03-25
OSV
CVE-2026-23298: In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device get2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: can: ucan: Fix infinite loop from zero-length messages2026-03-25
Microsoft
can: ucan: Fix infinite loop from zero-length messages2026-03-10
Debian
CVE-2026-23298: linux - In the Linux kernel, the following vulnerability has been resolved: can: ucan: ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23298 Impact, Exploitability, and Mitigation Steps | Wiz