CVE-2026-23362
Received Received - Intake
Race Condition in Linux Kernel CAN BCM Runtime Updates

Publication date: 2026-03-25

Last updated on: 2026-04-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcm_op runtime updates Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates") added a locking for some variables that can be modified at runtime when updating the sending bcm_op with a new TX_SETUP command in bcm_tx_setup(). Usually the RX_SETUP only handles and filters incoming traffic with one exception: When the RX_RTR_FRAME flag is set a predefined CAN frame is sent when a specific RTR frame is received. Therefore the rx bcm_op uses bcm_can_tx() which uses the bcm_tx_lock that was only initialized in bcm_tx_setup(). Add the missing spin_lock_init() when allocating the bcm_op in bcm_rx_setup() to handle the RTR case properly.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-24
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23362
EUVD
EUVD-2026-15342
Affected Vendors & Products
Showing 17 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.15
linux linux_kernel From 6.14.9 (inc) to 6.15 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.10.238 (inc) to 5.10.253 (exc)
linux linux_kernel From 5.15.185 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.4.294 (inc) to 5.5 (exc)
linux linux_kernel From 6.1.141 (inc) to 6.1.167 (exc)
linux linux_kernel From 6.12.31 (inc) to 6.12.77 (exc)
linux linux_kernel From 6.15.1 (inc) to 6.18.17 (exc)
linux linux_kernel From 6.6.93 (inc) to 6.6.130 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel relates to the Controller Area Network (CAN) subsystem, specifically the bcm (broadcast manager) component. The issue was that certain variables used during runtime updates of bcm operations (bcm_op) were not properly protected by locking mechanisms. This could lead to race conditions when updating bcm_op with new TX_SETUP commands. The fix involved adding proper locking (spin_lock_init) during the allocation of bcm_op in the bcm_rx_setup function to handle cases where a predefined CAN frame is sent in response to a specific RTR frame.

Impact Analysis

The vulnerability could cause improper synchronization when updating CAN bcm operations at runtime, potentially leading to race conditions or inconsistent states within the CAN subsystem. This might result in unexpected behavior in CAN message handling, such as incorrect transmission or reception of CAN frames, which could affect systems relying on CAN communication for critical functions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23362. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart