Commit 49d4ad9

Flavio Ceolin authored and jhedberg committed
doc: vuln: Add information about CVE-2023-5563
Information about CVE-2023-5563

Signed-off-by: Flavio Ceolin <[email protected]>
1 parent 5e10b34 commit 49d4ad9

1 file changed: +21 -0 lines changed

doc/security/vulnerabilities.rst

Lines changed: 21 additions & 0 deletions
@@ -1495,3 +1495,24 @@ This has been fixed in main for v3.5.0
14951495

14961496
- `PR 63069 fix for main
14971497
<https://github.com/zephyrproject-rtos/zephyr/pull/63069>`_
1498+
1499+
CVE-2023-5563
1500+
-------------
1501+
1502+
The SJA1000 CAN controller driver backend automatically attempts to recover
1503+
from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This
1504+
results in calling k_sleep() in IRQ context, causing a fatal exception.
1505+
1506+
- `Zephyr project bug tracker GHSA-98mc-rj7w-7rpv
1507+
<https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv>`_
1508+
1509+
This has been fixed in main for v3.5.0
1510+
1511+
- `PR 63713 fix for main
1512+
<https://github.com/zephyrproject-rtos/zephyr/pull/63713>`_
1513+
1514+
- `PR 63718 fix for 3.4
1515+
<https://github.com/zephyrproject-rtos/zephyr/pull/63718>`_
1516+
1517+
- `PR 63717 fix for 3.3
1518+
<https://github.com/zephyrproject-rtos/zephyr/pull/63717>`_
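
Review bot: The status sentence at new line 1509, "This has been fixed in main for v3.5.0", names only main, yet the list under it also carries "PR 63718 fix for 3.4" and "PR 63717 fix for 3.3", so a reader checking whether a 3.3 or 3.4 deployment is covered has to infer it from the link titles. Consider wording the sentence so it covers the backport branches as well, or separating the main fix from the backports in the list. The description at lines 1502-1504 also does not say which releases are affected, which is the first thing someone triaging this CVE will look for. Style: CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y and k_sleep() are plain text in the description; double-backtick inline literals would render them as code in the generated documentation.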
