How severe is CVE-2023-5563?

CVE-2023-5563 has a CVSS v3 score of 7.1 (HIGH).

CVE-2023-5563

Name: zephyr
Author: zephyrproject

7.1HIGH

The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, ca

Опубликовано: 10/13/2023Обновлено: 11/21/2024

Описание

The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.

ИИ-АнализНа базе ИИ

Затронутые продукты

zephyrprojectzephyr

Ссылки

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv
Vendor Advisory
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv
Vendor Advisory