{"id":"CVE-2023-52638","summary":"can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: prevent deadlock by changing j1939_socks_lock to rwlock\n\nThe following 3 locks would race against each other, causing the\ndeadlock situation in the Syzbot bug report:\n\n- j1939_socks_lock\n- active_session_list_lock\n- sk_session_queue_lock\n\nA reasonable fix is to change j1939_socks_lock to an rwlock, since in\nthe rare situations where a write lock is required for the linked list\nthat j1939_socks_lock is protecting, the code does not attempt to\nacquire any more locks. This would break the circular lock dependency,\nwhere, for example, the current thread already locks j1939_socks_lock\nand attempts to acquire sk_session_queue_lock, and at the same time,\nanother thread attempts to acquire j1939_socks_lock while holding\nsk_session_queue_lock.\n\nNOTE: This patch alone does not fix the unregister_netdevice bug\nreported by Syzbot; instead, it solves a deadlock situation to prepare\nfor one or more further patches to actually fix the Syzbot bug, which\nappears to be a reference counting problem within the j1939 codebase.\n\n[mkl: remove unrelated newline change]","modified":"2026-04-02T09:43:10.297811Z","published":"2024-04-03T14:54:41.271Z","related":["ALSA-2024:4583"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52638.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/03358aba991668d3bb2c65b3c82aa32c36851170"},{"type":"WEB","url":"https://git.kernel.org/stable/c/26dfe112ec2e95fe0099681f6aec33da13c2dd8e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/559b6322f9480bff68cfa98d108991e945a4f284"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6cdedc18ba7b9dacc36466e27e3267d201948c8d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aedda066d717a0b4335d7e0a00b2e3a61e40afcf"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52638.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52638"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5b9272e93f2efe3f6cda60cc2c26817b2ce49386"},{"fixed":"03358aba991668d3bb2c65b3c82aa32c36851170"},{"fixed":"aedda066d717a0b4335d7e0a00b2e3a61e40afcf"},{"fixed":"26dfe112ec2e95fe0099681f6aec33da13c2dd8e"},{"fixed":"559b6322f9480bff68cfa98d108991e945a4f284"},{"fixed":"6cdedc18ba7b9dacc36466e27e3267d201948c8d"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52638.json"}}],"schema_version":"1.7.5"}