{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23362","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:46.002Z","datePublished":"2026-03-25T10:27:45.476Z","dateUpdated":"2026-05-11T22:05:24.238Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:05:24.238Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: fix locking for bcm_op runtime updates\n\nCommit c2aba69d0c36 (\"can: bcm: add locking for bcm_op runtime updates\")\nadded a locking for some variables that can be modified at runtime when\nupdating the sending bcm_op with a new TX_SETUP command in bcm_tx_setup().\n\nUsually the RX_SETUP only handles and filters incoming traffic with one\nexception: When the RX_RTR_FRAME flag is set a predefined CAN frame is\nsent when a specific RTR frame is received. Therefore the rx bcm_op uses\nbcm_can_tx() which uses the bcm_tx_lock that was only initialized in\nbcm_tx_setup(). Add the missing spin_lock_init() when allocating the\nbcm_op in bcm_rx_setup() to handle the RTR case properly."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/can/bcm.c"],"versions":[{"version":"7595de7bc56e0e52b74e56c90f7e247bf626d628","lessThan":"0904037e713f787d1376e1d349c3bdf6c3105881","status":"affected","versionType":"git"},{"version":"fbd8fdc2b218e979cfe422b139b8f74c12419d1f","lessThan":"c85b96eaf766d8f066b1139a17a51efa2f6627ef","status":"affected","versionType":"git"},{"version":"2a437b86ac5a9893c902f30ef66815bf13587bf6","lessThan":"800f26f11ae37b17f58e0001f28a47dd75c26557","status":"affected","versionType":"git"},{"version":"76c84c3728178b2d38d5604e399dfe8b0752645e","lessThan":"70e951afad4c025261fe3c952d2b07237e320a01","status":"affected","versionType":"git"},{"version":"cc55dd28c20a6611e30596019b3b2f636819a4c0","lessThan":"8bcf2d847adb82b2c617456f6da17ac5e6c75285","status":"affected","versionType":"git"},{"version":"c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7","lessThan":"8215ba7bc99e84e66fd6938874ec4330a9d96518","status":"affected","versionType":"git"},{"version":"c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7","lessThan":"f0c349b2c21b220af5ba19f29b885e222958d796","status":"affected","versionType":"git"},{"version":"c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7","lessThan":"c35636e91e392e1540949bbc67932167cb48bc3a","status":"affected","versionType":"git"},{"version":"8f1c022541bf5a923c8d6fa483112c15250f30a4","status":"affected","versionType":"git"},{"version":"c4e8a172501e677ebd8ea9d9161d97dc4df56fbd","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/can/bcm.c"],"versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","status":"unaffected","versionType":"semver"},{"version":"5.10.253","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.77","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.17","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.7","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.238","versionEndExcluding":"5.10.253"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.185","versionEndExcluding":"5.15.203"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.141","versionEndExcluding":"6.1.167"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.93","versionEndExcluding":"6.6.130"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.31","versionEndExcluding":"6.12.77"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.19.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"7.0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.294"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0904037e713f787d1376e1d349c3bdf6c3105881"},{"url":"https://git.kernel.org/stable/c/c85b96eaf766d8f066b1139a17a51efa2f6627ef"},{"url":"https://git.kernel.org/stable/c/800f26f11ae37b17f58e0001f28a47dd75c26557"},{"url":"https://git.kernel.org/stable/c/70e951afad4c025261fe3c952d2b07237e320a01"},{"url":"https://git.kernel.org/stable/c/8bcf2d847adb82b2c617456f6da17ac5e6c75285"},{"url":"https://git.kernel.org/stable/c/8215ba7bc99e84e66fd6938874ec4330a9d96518"},{"url":"https://git.kernel.org/stable/c/f0c349b2c21b220af5ba19f29b885e222958d796"},{"url":"https://git.kernel.org/stable/c/c35636e91e392e1540949bbc67932167cb48bc3a"}],"title":"can: bcm: fix locking for bcm_op runtime updates","x_generator":{"engine":"bippy-1.2.0"}}}}