How severe is CVE-2023-5563?

CVE-2023-5563 has a CVSS v3 score of 7.1 (HIGH).

CVE-2023-5563

Name: zephyr
Author: zephyrproject

7.1HIGH

The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, ca

Veröffentlicht: 10/13/2023Aktualisiert: 11/21/2024

Beschreibung

The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.

KI-AnalyseKI-gestützt

Betroffene Produkte

zephyrprojectzephyr

Referenzen

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv
Vendor Advisory
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv
Vendor Advisory