Linux Kernel CAN BCM Locking Vulnerability in Runtime Updates

Vulnerability

A vulnerability in the Linux kernel's CAN BCM (Broadcast Communication Management) implementation has been addressed. The issue arose because the RX_SETUP process, which typically manages incoming traffic, did not properly handle cases where the RX_RTR_FRAME flag was set. This flag triggers the transmission of a predefined CAN frame in response to a specific RTR frame. The RX operation relied on a locking mechanism that was only initialized in the TX_SETUP command, leading to potential race conditions. The vulnerability has been fixed by adding the missing initialization for the transmission lock in the RX_SETUP process, ensuring proper handling of RTR frame scenarios.
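The missing initialization described above, as an added example that is not part of the original advisory and is not kernel code: a userspace C model in which the lock refuses to be taken unless a setup path initialized it, so RX_SETUP behavior before and after the fix shows up as a return value. All model_* and lock_* names and LOCK_MAGIC are hypothetical; only the RX_RTR_FRAME flag value is taken from <linux/can/bcm.h>.

```c
#include <stdbool.h>
#include <stdio.h>
#define RX_RTR_FRAME 0x0400u      /* flag value from <linux/can/bcm.h> */
#define LOCK_MAGIC   0x600DC0DEu  /* constructed marker: lock was initialized */

/* Hypothetical userspace model with made-up names; not kernel code. */
enum model_opcode { MODEL_TX_SETUP, MODEL_RX_SETUP };
struct model_lock { unsigned magic; bool held; };
struct model_op   { unsigned flags; struct model_lock tx_lock; int frames_sent; };
static void lock_init(struct model_lock *l) { l->magic = LOCK_MAGIC; l->held = false; }

/* Refuse a lock that no setup path initialized, so the defect is observable. */
static int lock_acquire(struct model_lock *l)
{
    if (l->magic != LOCK_MAGIC || l->held) return -1;
    l->held = true;
    return 0;
}

/* TX_SETUP always initialized tx_lock; RX_SETUP does so only once patched. */
static void model_setup(struct model_op *op, enum model_opcode oc, unsigned flags, bool patched)
{
    op->flags = flags;
    if (oc == MODEL_TX_SETUP || patched)
        lock_init(&op->tx_lock);
}

/* Transmit one frame under tx_lock; -1 means there was no usable lock. */
static int model_can_tx(struct model_op *op)
{
    if (lock_acquire(&op->tx_lock) != 0) return -1;
    op->frames_sent++;
    op->tx_lock.held = false;     /* release */
    return 1;
}

/* RTR frame received: only an op carrying RX_RTR_FRAME answers by transmitting. */
static int model_rtr_reply(struct model_op *op)
{
    return (op->flags & RX_RTR_FRAME) ? model_can_tx(op) : 0;
}

int main(void)
{
    struct model_op op = {0};
    model_setup(&op, MODEL_RX_SETUP, RX_RTR_FRAME, false);
    printf("unpatched RX_SETUP, RTR reply: %d\n", model_rtr_reply(&op));
    model_setup(&op, MODEL_RX_SETUP, RX_RTR_FRAME, true);
    printf("patched RX_SETUP, RTR reply:   %d\n", model_rtr_reply(&op));
}
```

In the model, -1 marks the transmit path being reached without an initialized lock; a plain RX filter without RX_RTR_FRAME never reaches that path and returns 0.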

Impact

The vulnerability could lead to improper synchronization in the handling of CAN frames, potentially allowing for race conditions that could be exploited in a real-time communication context.

Reproduction

The vulnerability can be reproduced by setting up a CAN interface and configuring a BCM operation to handle RTR frames. Without the proper locking in place, the RX operation could be disrupted, leading to missed or improperly managed CAN messages.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Mar 25, 2026, 12:03 PM
Updated: Mar 25, 2026, 12:03 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 3.1
exploitability: 3.9
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.