Linux · Linux Kernel · CVE-2025-38665
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A NULL pointer dereference issue was identified in the Linux kernel’s CAN (Controller Area Network) subsystem. Specifically, the issue occurs within the `can changelink()` function when a CAN device is restarted from Bus Off and the driver does not implement the `struct can priv::do set mode` callback. This can lead to a system crash or unexpected behavior. The fix prevents the NULL pointer deference by refusing a manual restart or configuring the automatic restart delay and reporting the error to user space. Additionally, `can restart()` now returns an error if `can priv::do set mode` is not set, preventing an unchecked dereference.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.