CVE-2026-23357 — Deadlock in Linux

CWE-833 — Deadlock8 documents7 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 90.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251x_open The mcp251x_open() function call free_irq() in its error path with the mpc_lock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpc_lock and free_irq() will deadlock waiting for the handler to finish. This issue is similar to the one fixed in commit 7dd9c26bd6cf ("can: mcp251x: fix deadlock if an interrupt occurs during mcp…

Affected Packages5 packages

▶Linuxlinux/linux_kernel2.6.34 — 6.1.167+4

▶Debianlinux/linux_kernel< 6.19.8-1

▶msrcmsrc/azl3_kernel_6.6.126.1-1_on_azure_linux_3.0

▶CVEListV5linux/linuxbf66f3736a945dd4e92d86427276c6eeab0a6c1d — 256f0cff6e946c570392bda1d01a65e789a7afd0+6

▶debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

OSV

can: mcp251x: fix deadlock in error path of mcp251x_open↗2026-03-25

▶

OSV

CVE-2026-23357: In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251x_open The mcp251x_open() functi↗2026-03-25

▶

GHSA

GHSA-f94p-fcww-cpfj: In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251x_open The mcp251x_open() func↗2026-03-25

▶

📋Vendor Advisories

Red Hat

kernel: can: mcp251x: fix deadlock in error path of mcp251x_open↗2026-03-25

▶

Microsoft

can: mcp251x: fix deadlock in error path of mcp251x_open↗2026-03-10

▶

Debian

CVE-2026-23357: linux - In the Linux kernel, the following vulnerability has been resolved: can: mcp251...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23357 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶