{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23357", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.000Z", "datePublished": "2026-03-25T10:27:41.299Z", "dateUpdated": "2026-03-25T10:27:41.299Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:41.299Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock in error path of mcp251x_open\n\nThe mcp251x_open() function call free_irq() in its error path with the\nmpc_lock mutex held. But if an interrupt already occurred the\ninterrupt handler will be waiting for the mpc_lock and free_irq() will\ndeadlock waiting for the handler to finish.\n\nThis issue is similar to the one fixed in commit 7dd9c26bd6cf (\"can:\nmcp251x: fix deadlock if an interrupt occurs during mcp251x_open\") but\nfor the error path.\n\nTo solve this issue move the call to free_irq() after the lock is\nreleased. Setting `priv->force_quit = 1` beforehand ensure that the IRQ\nhandler will exit right away once it acquired the lock."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/can/spi/mcp251x.c"], "versions": [{"version": "bf66f3736a945dd4e92d86427276c6eeab0a6c1d", "lessThan": "256f0cff6e946c570392bda1d01a65e789a7afd0", "status": "affected", "versionType": "git"}, {"version": "bf66f3736a945dd4e92d86427276c6eeab0a6c1d", "lessThan": "b73832292cd914e87a55e863ba4413a907e7db6b", "status": "affected", "versionType": "git"}, {"version": "bf66f3736a945dd4e92d86427276c6eeab0a6c1d", "lessThan": "38063cc435b69d56e76f947c10d336fcb2953508", "status": "affected", "versionType": "git"}, {"version": "bf66f3736a945dd4e92d86427276c6eeab0a6c1d", "lessThan": "d27f12c3f5e85efc479896af4a69eccb37f75e8e", "status": "affected", "versionType": "git"}, {"version": "bf66f3736a945dd4e92d86427276c6eeab0a6c1d", "lessThan": "e728f444c913a91d290d1824b4770780bbd6378e", "status": "affected", "versionType": "git"}, {"version": "bf66f3736a945dd4e92d86427276c6eeab0a6c1d", "lessThan": "ab3f894de216f4a62adc3b57e9191888cbf26885", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/can/spi/mcp251x.c"], "versions": [{"version": "2.6.34", "status": "affected"}, {"version": "0", "lessThan": "2.6.34", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/256f0cff6e946c570392bda1d01a65e789a7afd0"}, {"url": "https://git.kernel.org/stable/c/b73832292cd914e87a55e863ba4413a907e7db6b"}, {"url": "https://git.kernel.org/stable/c/38063cc435b69d56e76f947c10d336fcb2953508"}, {"url": "https://git.kernel.org/stable/c/d27f12c3f5e85efc479896af4a69eccb37f75e8e"}, {"url": "https://git.kernel.org/stable/c/e728f444c913a91d290d1824b4770780bbd6378e"}, {"url": "https://git.kernel.org/stable/c/ab3f894de216f4a62adc3b57e9191888cbf26885"}], "title": "can: mcp251x: fix deadlock in error path of mcp251x_open", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock in error path of mcp251x_open\n\nThe mcp251x_open() function call free_irq() in its error path with the\nmpc_lock mutex held. But if an interrupt already occurred the\ninterrupt handler will be waiting for the mpc_lock and free_irq() will\ndeadlock waiting for the handler to finish.\n\nThis issue is similar to the one fixed in commit 7dd9c26bd6cf (\"can:\nmcp251x: fix deadlock if an interrupt occurs during mcp251x_open\") but\nfor the error path.\n\nTo solve this issue move the call to free_irq() after the lock is\nreleased. Setting `priv->force_quit = 1` beforehand ensure that the IRQ\nhandler will exit right away once it acquired the lock."}], "id": "CVE-2026-23357", "lastModified": "2026-03-25T11:16:34.450", "metrics": {}, "published": "2026-03-25T11:16:34.450", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/256f0cff6e946c570392bda1d01a65e789a7afd0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/38063cc435b69d56e76f947c10d336fcb2953508"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ab3f894de216f4a62adc3b57e9191888cbf26885"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b73832292cd914e87a55e863ba4413a907e7db6b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d27f12c3f5e85efc479896af4a69eccb37f75e8e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e728f444c913a91d290d1824b4770780bbd6378e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}