What is CVE-2023-52887?

CVE-2023-52887 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2023-52887 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-52887?

CVE-2023-52887 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2023-52887?

No patch is currently available for CVE-2023-52887. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2023-52887 actively exploited?

CVE-2023-52887 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-52887

Medium

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE backtraces with a new error handling method. This provides clearer error messages and allows for the early termination of problematic sessions. Previously, sessions were only released at the end of j1939_xtp_rx_rts(). Potentially this could be reproduced with something like: testj1939 -r vcan0:0x80 & while true; do # send first RTS cansend vcan0 18EC8090#1014000303002301; # send second RTS cansend vcan0 18EC8090#1014000303002301; # send abort cansend vcan0 18EC8090#ff00000000002301; done

Package Linux Kernel

Published 2024-07-29

Last modified 2025-11-03

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-617

CVE-2023-52887 is classified as CWE-617

See CWE-617 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2023-52887 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Kernel patch commit
https://git.kernel.org/stable/c/0bc0a7416ea73f79f915c9a05ac0858dff65cfed
Patch
Kernel patch commit
https://git.kernel.org/stable/c/1762ca80c2b72dd1b5821c5e347713ae696276ea
Patch
Kernel patch commit
https://git.kernel.org/stable/c/177e33b655d35d72866b50aec84307119dc5f3d4
Patch

7 patch commits total View all on NVD

Details

CVE ID CVE-2023-52887

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-07-29

Modified 2025-11-03

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2023-52887?

CVE-2023-52887 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2023-52887 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2023-52887?

CVE-2023-52887 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2023-52887?

No patch is currently available for CVE-2023-52887. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2023-52887 actively exploited?

No — CVE-2023-52887 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.