A vulnerability has been resolved in the Linux kernel related to the j1939 network protocol. The issue involves a memory leak due to improper session deactivation, potentially leading to system instability. The fix ensures proper resource management by deactivating the session when the timer is cancelled.
In the Linux kernel, the following vulnerability has been resolved:
net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts
Since j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is called only when the timer is enabled, we need to call j1939_session_deactivate_activate_next() if we cancelled the timer. Otherwise, refcount for j1939_session leaks, which will later appear as
| unregister_netdevice: waiting for vcan0 to become free. Usage count = 2.
problem.