Acknowledged

LIN1023-17499 : Security Advisory - linux - CVE-2025-68308

Created: Dec 16, 2025    Updated: Dec 18, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

can: kvaser_usb: leaf: Fix potential infinite loop in command parsers

The `kvaser_usb_leaf_wait_cmd()` and `kvaser_usb_leaf_read_bulk_callback` functions contain logic to handle zero-length commands. These commands are used to align data to the USB endpoint's wMaxPacketSize boundary.

The driver attempts to skip these placeholders by aligning the buffer position `pos` to the next packet boundary using the `round_up()` function.

However, if a zero-length command is found exactly on a packet boundary (i.e., `pos` is a multiple of wMaxPacketSize, including 0), the `round_up` function will return the unchanged value of `pos`. This prevents `pos` from being increased, causing an infinite loop in the parsing logic.

This patch fixes this in the function by using `pos + 1` instead. This ensures that even if `pos` is on a boundary, the calculation is based on `pos + 1`, forcing `round_up()` to always return the next aligned boundary.
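The stall described above can be reproduced in user space with a simplified model of the parsing loop. This is an added example, not the driver's code: `parse_cmds`, `run_case`, the two-byte header and the 128-byte buffers with a 64-byte packet size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same result as the kernel's round_up() when y is a power of two. */
#define ROUND_UP(x, y) (((((size_t)(x)) - 1) | ((size_t)(y) - 1)) + 1)
#define HDR_LEN 2 /* assumed header size: length byte + command id */

/* Model of the loop (hypothetical names). Returns the number of commands
 * consumed, or -1 when a zero-length placeholder leaves pos unchanged,
 * which in the real loop would spin forever. */
static int parse_cmds(const uint8_t *buf, size_t len, size_t mps, int fixed)
{
    size_t pos = 0;
    int cmds = 0;

    while (pos + HDR_LEN <= len) {
        uint8_t cmd_len = buf[pos];

        if (cmd_len == 0) { /* placeholder: skip to next packet boundary */
            size_t next = fixed ? ROUND_UP(pos + 1, mps) : ROUND_UP(pos, mps);
            if (next == pos)
                return -1;  /* no forward progress */
            pos = next;
            continue;
        }
        if (pos + cmd_len > len)
            break;          /* truncated command */
        cmds++;
        pos += cmd_len;
    }
    return cmds;
}

/* Constructed 128-byte transfer, packet size 64: len0 is the command
 * length at offset 0, len64 the one at offset 64 (0 = placeholder). */
static int run_case(uint8_t len0, uint8_t len64, int fixed)
{
    uint8_t buf[128];

    memset(buf, 0, sizeof(buf));
    buf[0] = len0;
    buf[64] = len64;
    return parse_cmds(buf, sizeof(buf), 64, fixed);
}

int main(void)
{
    printf("off-boundary placeholders: old=%d new=%d\n", run_case(4, 4, 0), run_case(4, 4, 1));
    printf("placeholder at pos 0:      old=%d new=%d\n", run_case(0, 4, 0), run_case(0, 4, 1));
    printf("placeholder at pos 64:     old=%d new=%d\n", run_case(64, 0, 0), run_case(64, 0, 1));
    return 0;
}
```

Placeholders that fall inside a packet are skipped correctly by both variants; only a placeholder sitting exactly on a boundary (offset 0 or 64 here) stalls the `round_up(pos)` form.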