{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23357","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:46.000Z","datePublished":"2026-03-25T10:27:41.299Z","dateUpdated":"2026-05-11T22:05:18.120Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:05:18.120Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock in error path of mcp251x_open\n\nThe mcp251x_open() function call free_irq() in its error path with the\nmpc_lock mutex held. But if an interrupt already occurred the\ninterrupt handler will be waiting for the mpc_lock and free_irq() will\ndeadlock waiting for the handler to finish.\n\nThis issue is similar to the one fixed in commit 7dd9c26bd6cf (\"can:\nmcp251x: fix deadlock if an interrupt occurs during mcp251x_open\") but\nfor the error path.\n\nTo solve this issue move the call to free_irq() after the lock is\nreleased. Setting `priv->force_quit = 1` beforehand ensure that the IRQ\nhandler will exit right away once it acquired the lock."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/can/spi/mcp251x.c"],"versions":[{"version":"bf66f3736a945dd4e92d86427276c6eeab0a6c1d","lessThan":"739454057572cb0948658d1142f3fa2c6966465c","status":"affected","versionType":"git"},{"version":"bf66f3736a945dd4e92d86427276c6eeab0a6c1d","lessThan":"416c18ecddafab0ed09be1e7b9d2f448f3d4db16","status":"affected","versionType":"git"},{"version":"bf66f3736a945dd4e92d86427276c6eeab0a6c1d","lessThan":"256f0cff6e946c570392bda1d01a65e789a7afd0","status":"affected","versionType":"git"},{"version":"bf66f3736a945dd4e92d86427276c6eeab0a6c1d","lessThan":"b73832292cd914e87a55e863ba4413a907e7db6b","status":"affected","versionType":"git"},{"version":"bf66f3736a945dd4e92d86427276c6eeab0a6c1d","lessThan":"38063cc435b69d56e76f947c10d336fcb2953508","status":"affected","versionType":"git"},{"version":"bf66f3736a945dd4e92d86427276c6eeab0a6c1d","lessThan":"d27f12c3f5e85efc479896af4a69eccb37f75e8e","status":"affected","versionType":"git"},{"version":"bf66f3736a945dd4e92d86427276c6eeab0a6c1d","lessThan":"e728f444c913a91d290d1824b4770780bbd6378e","status":"affected","versionType":"git"},{"version":"bf66f3736a945dd4e92d86427276c6eeab0a6c1d","lessThan":"ab3f894de216f4a62adc3b57e9191888cbf26885","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/can/spi/mcp251x.c"],"versions":[{"version":"2.6.34","status":"affected"},{"version":"0","lessThan":"2.6.34","status":"unaffected","versionType":"semver"},{"version":"5.10.253","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.77","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.17","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.7","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"5.10.253"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"5.15.203"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.1.167"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.6.130"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.12.77"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.18.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.19.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/739454057572cb0948658d1142f3fa2c6966465c"},{"url":"https://git.kernel.org/stable/c/416c18ecddafab0ed09be1e7b9d2f448f3d4db16"},{"url":"https://git.kernel.org/stable/c/256f0cff6e946c570392bda1d01a65e789a7afd0"},{"url":"https://git.kernel.org/stable/c/b73832292cd914e87a55e863ba4413a907e7db6b"},{"url":"https://git.kernel.org/stable/c/38063cc435b69d56e76f947c10d336fcb2953508"},{"url":"https://git.kernel.org/stable/c/d27f12c3f5e85efc479896af4a69eccb37f75e8e"},{"url":"https://git.kernel.org/stable/c/e728f444c913a91d290d1824b4770780bbd6378e"},{"url":"https://git.kernel.org/stable/c/ab3f894de216f4a62adc3b57e9191888cbf26885"}],"title":"can: mcp251x: fix deadlock in error path of mcp251x_open","x_generator":{"engine":"bippy-1.2.0"}}}}