Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1057 vulnerabilities reference this CWE, most recent first.

GHSA-J72W-3754-92GG

Vulnerability from github – Published: 2026-03-18 12:31 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST

We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition.

A malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute indicates a zero data size while the driver allocates memory for it.

When ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set to zero, it still allocates memory because of al_aligned(0). This creates an inconsistent state where ni->attr_list.size is zero, but ni->attr_list.le is non-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute list exists and enumerates only the primary MFT record. When it finds ATTR_LIST, the code reloads it and restarts the enumeration, repeating indefinitely. The mount operation never completes, hanging the kernel thread.

This patch adds validation to ensure that data_size is non-zero before memory allocation. When a zero-sized ATTR_LIST is detected, the function returns -EINVAL, preventing a DoS vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71267"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-18T11:16:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST\n\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\nDenial-of-Service (DoS) condition.\n\nA malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute\nindicates a zero data size while the driver allocates memory for it.\n\nWhen ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set\nto zero, it still allocates memory because of al_aligned(0). This creates an\ninconsistent state where ni-\u003eattr_list.size is zero, but ni-\u003eattr_list.le is\nnon-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute\nlist exists and enumerates only the primary MFT record. When it finds\nATTR_LIST, the code reloads it and restarts the enumeration, repeating\nindefinitely. The mount operation never completes, hanging the kernel thread.\n\nThis patch adds validation to ensure that data_size is non-zero before memory\nallocation. When a zero-sized ATTR_LIST is detected, the function returns\n-EINVAL, preventing a DoS vulnerability.",
  "id": "GHSA-j72w-3754-92gg",
  "modified": "2026-07-14T15:31:40Z",
  "published": "2026-03-18T12:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71267"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/06909b2549d631a47fcda249d34be26f7ca1711d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ef219656febf5ae06ae56b1fce47ebd05f92b68"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d8c70b57dbeda3eb165c0940b97e85373ca9354"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9267d99fade76d44d4a133599524031fe684156e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/976e6a7c51fabf150478decbe8ef5d9a26039b7c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9779a6eaaabdf47aa57910d352b398ad742e6a5f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd508939dbca5eceefb2d0c2564beb15469572f2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J788-F9FX-QMJ8

Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25
VLAI
Details

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18267"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-10T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.",
  "id": "GHSA-j788-f9fx-qmj8",
  "modified": "2022-05-13T01:25:13Z",
  "published": "2022-05-13T01:25:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18267"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2019:0327"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3140"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3505"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=103238"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3647-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J7FM-33GG-6FX4

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:47
VLAI
Details

Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-24T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop.",
  "id": "GHSA-j7fm-33gg-6fx4",
  "modified": "2025-04-20T03:47:34Z",
  "published": "2022-05-13T01:43:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15223"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/43026"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JC3X-VM97-3MQ2

Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10
VLAI
Details

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-26T03:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.",
  "id": "GHSA-jc3x-vm97-3mq2",
  "modified": "2022-05-13T01:10:27Z",
  "published": "2022-05-13T01:10:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20467"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/1408"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4034-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106315"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JC6Q-27MW-P55W

Vulnerability from github – Published: 2018-10-18 16:49 – Updated: 2022-09-13 23:31
VLAI
Summary
Keycloak vulnerable to infinite loop based Denial of Service
Details

When Keycloak versions prior to 2.5.5 receive a Logout request with an Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in an infinite loop. An attacker could use this flaw to conduct denial of service attacks.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-2646"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:42:58Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "When Keycloak versions prior to 2.5.5 receive a Logout request with an Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in an infinite loop. An attacker could use this flaw to conduct denial of service attacks.",
  "id": "GHSA-jc6q-27mw-p55w",
  "modified": "2022-09-13T23:31:40Z",
  "published": "2018-10-18T16:49:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2646"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-jc6q-27mw-p55w"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak vulnerable to infinite loop based Denial of Service"
}

GHSA-JCQP-6R6F-3MFX

Vulnerability from github – Published: 2026-05-18 20:36 – Updated: 2026-06-11 14:05
VLAI
Summary
ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression
Details

When using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46521"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-131",
      "CWE-252",
      "CWE-787",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-18T20:36:53Z",
    "nvd_published_at": "2026-06-10T23:16:46Z",
    "severity": "MODERATE"
  },
  "details": "When using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check.",
  "id": "GHSA-jcqp-6r6f-3mfx",
  "modified": "2026-06-11T14:05:56Z",
  "published": "2026-05-18T20:36:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jcqp-6r6f-3mfx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46521"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ImageMagick/ImageMagick"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression"
}

GHSA-JFMJ-5V4G-7637

Vulnerability from github – Published: 2024-07-09 00:31 – Updated: 2024-07-09 17:25
VLAI
Summary
zipp Denial of Service vulnerability
Details

A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the Path module in both zipp and zipfile, such as joinpath, the overloaded division operator, and iterdir. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "zipp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.19.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-5569"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-09T17:25:54Z",
    "nvd_published_at": "2024-07-09T00:15:02Z",
    "severity": "MODERATE"
  },
  "details": "A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.",
  "id": "GHSA-jfmj-5v4g-7637",
  "modified": "2024-07-09T17:25:54Z",
  "published": "2024-07-09T00:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5569"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jaraco/zipp"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "zipp Denial of Service vulnerability"
}

GHSA-JH57-6WF8-C6GG

Vulnerability from github – Published: 2024-07-29 18:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

can: mcp251xfd: fix infinite loop when xmit fails

When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running application.

Error messages: [ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16 [ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3). ... and repeat forever.

The issue can be triggered when multiple devices share the same SPI interface. And there is concurrent access to the bus.

The problem occurs because tx_ring->head increments even if mcp251xfd_start_xmit() fails. Consequently, the driver skips one TX package while still expecting a response in mcp251xfd_handle_tefif_one().

Resolve the issue by starting a workqueue to write the tx obj synchronously if err = -EBUSY. In case of another error, decrement tx_ring->head, remove skb from the echo stack, and drop the message.

[mkl: use more imperative wording in patch description]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-29T16:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251xfd: fix infinite loop when xmit fails\n\nWhen the mcp251xfd_start_xmit() function fails, the driver stops\nprocessing messages, and the interrupt routine does not return,\nrunning indefinitely even after killing the running application.\n\nError messages:\n[  441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16\n[  441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).\n... and repeat forever.\n\nThe issue can be triggered when multiple devices share the same SPI\ninterface. And there is concurrent access to the bus.\n\nThe problem occurs because tx_ring-\u003ehead increments even if\nmcp251xfd_start_xmit() fails. Consequently, the driver skips one TX\npackage while still expecting a response in\nmcp251xfd_handle_tefif_one().\n\nResolve the issue by starting a workqueue to write the tx obj\nsynchronously if err = -EBUSY. In case of another error, decrement\ntx_ring-\u003ehead, remove skb from the echo stack, and drop the message.\n\n[mkl: use more imperative wording in patch description]",
  "id": "GHSA-jh57-6wf8-c6gg",
  "modified": "2025-11-04T00:31:04Z",
  "published": "2024-07-29T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41088"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e72558c1711d524e3150103739ddd06650e291b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6c6b4afa59c2fb4d1759235f866d8caed2aa4729"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d8fb63e46c884c898a38f061c2330f7729e75510"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f926c022ebaabf7963bebf89a97201d66978a025"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH89-XPPM-M3XG

Vulnerability from github – Published: 2022-09-30 00:00 – Updated: 2022-10-04 00:00
VLAI
Details

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-0148"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-29T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like \u0027sectors_per_block\u0027 etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.",
  "id": "GHSA-jh89-xppm-m3xg",
  "modified": "2022-10-04T00:00:24Z",
  "published": "2022-09-30T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0148"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078212"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=1d7678dec4761acdc43439da6ceda41a703ba1a6"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHHP-VMJ5-G65V

Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46
VLAI
Details

An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-07T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.",
  "id": "GHSA-jhhp-vmj5-g65v",
  "modified": "2022-05-24T17:46:44Z",
  "published": "2022-05-24T17:46:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36310"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e72436bc3a5206f95bb384e741154166ddb3202e"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5095"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.