CVE-2023-52878

5.5 MEDIUM

📋 TL;DR

This vulnerability in the Linux kernel's CAN (Controller Area Network) subsystem allows out-of-bounds access to the echo_skb buffer, which could cause a kernel crash. It affects systems using CAN bus interfaces with vulnerable kernel versions. The issue is resolved by adding bounds checking and returning an error instead of crashing.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable kernel versions referenced in the git commits (exact range depends on distribution backports)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with CAN bus interfaces enabled and in use. Most desktop/server systems without CAN hardware are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, potentially disrupting critical operations on systems using CAN interfaces.

🟠 Likely Case

System crash or instability when malformed CAN packets trigger the out-of-bounds access, causing temporary denial of service.

🟢 If Mitigated

Warning message logged and error returned without system crash when bounds checking is implemented.

🌐 Internet-Facing: LOW - CAN interfaces are typically used in internal automotive/industrial networks, not directly internet-exposed.
🏢 Internal Only: MEDIUM - Systems using CAN bus interfaces in industrial control, automotive, or embedded systems could experience crashes affecting operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the ability to send malformed CAN packets to the system, which typically means local access or network access to the CAN interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 0d30931f1fa0fb893fb7d5dc32b6b7edfb775be4, 53c468008a7c9ca3f5fc985951f35ec2acae85bc, 6411959c10fe917288cbb1038886999148560057, 826120c9ba68f2d0dbae58e99013929c883d1444, 8ab67da060157362b2e0926692c659808784708f

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable CAN interfaces

If CAN functionality is not required, unload the CAN kernel modules and blacklist the can module to remove the attack surface:

sudo modprobe -r can_raw
sudo modprobe -r can
echo 'blacklist can' | sudo tee /etc/modprobe.d/blacklist-can.conf

🧯 If You Can't Patch

  • Restrict access to CAN interfaces to trusted users/devices only
  • Implement network segmentation to isolate CAN networks from untrusted systems

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and compare it with your distribution's security advisories. Check whether CAN modules are loaded: lsmod | grep can

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version. Check system logs for CAN-related warnings.
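
To go with the "Check if Vulnerable" step and the note that only systems with CAN interfaces enabled and in use are affected, the following added example (not part of the original advisory) reports whether a host has CAN interfaces or CAN modules at all. It does not tell you whether the kernel is patched; the function names and the four result labels are this example's own, and 280 is the kernel's ARPHRD_CAN interface type.

```shell
#!/bin/sh
# Added example, not from the advisory: CAN exposure triage for CVE-2023-52878.
# Paths are parameters so the logic can be run against a constructed tree.

ARPHRD_CAN=280  # link-layer type the kernel reports in sysfs for CAN netdevs

# Print "<ifname> up|down" for every CAN network interface under $1.
list_can_ifaces() {
    sysfs_net=${1:-/sys/class/net}
    for dev in "$sysfs_net"/*; do
        [ -r "$dev/type" ] || continue
        [ "$(cat "$dev/type")" = "$ARPHRD_CAN" ] || continue
        state=down
        flags=$(cat "$dev/flags" 2>/dev/null || true)
        # IFF_UP is bit 0 of the hexadecimal flags word
        if [ -n "$flags" ] && [ $(( $flags & 1 )) -eq 1 ]; then
            state=up
        fi
        echo "${dev##*/} $state"
    done
}

# Print loaded module names containing "can" (the page's `lsmod | grep can`,
# restricted to the name column) from a /proc/modules-format file at $1.
list_can_modules() {
    proc_modules=${1:-/proc/modules}
    [ -r "$proc_modules" ] || return 0
    awk '$1 ~ /can/ { print $1 }' "$proc_modules"
}

# Classify the host: in-use (a CAN interface is up), configured (present but
# down), modules-only (no interface, CAN modules loaded) or absent.
can_exposure() {
    ifaces=$(list_can_ifaces "$1")
    mods=$(list_can_modules "$2")
    case "$ifaces" in
        *" up"*) echo in-use ;;
        ?*)      echo configured ;;
        *)       if [ -n "$mods" ]; then echo modules-only; else echo absent; fi ;;
    esac
}

# Report for the live system when run without arguments.
echo "CAN exposure: $(can_exposure "$1" "$2")"
list_can_ifaces "$1"
list_can_modules "$2"
```

Hosts reported as in-use or configured are the ones to prioritise for the kernel update; modules-only hosts are candidates for the module-unloading workaround above.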

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • CAN subsystem warnings in dmesg
  • System crash/reboot events

Network Indicators:

  • Unusual CAN packet patterns
  • CAN interface errors

SIEM Query:

source="kernel" AND ("panic" OR "oops" OR ("CAN" AND "error"))
