can: mcp251x: fix deadlock in error path of mcp251x_open

Summary

CVE	CVE-2026-23357
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-03-25 11:16:34 UTC
Updated	2026-04-18 09:16:20 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251x_open The mcp251x_open() function call free_irq() in its error path with the mpc_lock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpc_lock and free_irq() will deadlock waiting for the handler to finish. This issue is similar to the one fixed in commit 7dd9c26bd6cf ("can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open") but for the error path. To solve this issue move the call to free_irq() after the lock is released. Setting `priv->force_quit = 1` beforehand ensure that the IRQ handler will exit right away once it acquired the lock.

Risk And Classification

EPSS: 0.000320000 probability, percentile 0.090980000 (date 2026-04-18)

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected bf66f3736a945dd4e92d86427276c6eeab0a6c1d 739454057572cb0948658d1142f3fa2c6966465c git	Not specified
CNA	Linux	Linux	affected bf66f3736a945dd4e92d86427276c6eeab0a6c1d 416c18ecddafab0ed09be1e7b9d2f448f3d4db16 git	Not specified
CNA	Linux	Linux	affected bf66f3736a945dd4e92d86427276c6eeab0a6c1d 256f0cff6e946c570392bda1d01a65e789a7afd0 git	Not specified
CNA	Linux	Linux	affected bf66f3736a945dd4e92d86427276c6eeab0a6c1d b73832292cd914e87a55e863ba4413a907e7db6b git	Not specified
CNA	Linux	Linux	affected bf66f3736a945dd4e92d86427276c6eeab0a6c1d 38063cc435b69d56e76f947c10d336fcb2953508 git	Not specified
CNA	Linux	Linux	affected bf66f3736a945dd4e92d86427276c6eeab0a6c1d d27f12c3f5e85efc479896af4a69eccb37f75e8e git	Not specified
CNA	Linux	Linux	affected bf66f3736a945dd4e92d86427276c6eeab0a6c1d e728f444c913a91d290d1824b4770780bbd6378e git	Not specified
CNA	Linux	Linux	affected bf66f3736a945dd4e92d86427276c6eeab0a6c1d ab3f894de216f4a62adc3b57e9191888cbf26885 git	Not specified
CNA	Linux	Linux	affected 2.6.34	Not specified
CNA	Linux	Linux	unaffected 2.6.34 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.253 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.203 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.167 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.130 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.77 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.17 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19.7 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/256f0cff6e946c570392bda1d01a65e789a7afd0	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/ab3f894de216f4a62adc3b57e9191888cbf26885	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/416c18ecddafab0ed09be1e7b9d2f448f3d4db16	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/b73832292cd914e87a55e863ba4413a907e7db6b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/38063cc435b69d56e76f947c10d336fcb2953508	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/739454057572cb0948658d1142f3fa2c6966465c	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/d27f12c3f5e85efc479896af4a69eccb37f75e8e	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/e728f444c913a91d290d1824b4770780bbd6378e	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.