Dario Binacchi

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** A potential use-after-free issue has been identified in the Linux kernel, specifically in the `hi3110 can ist()` function. This issue arises from the commit `a22bd630cfff`, which removed the reporting of `txerr` and `rxerr` even during correct operation. The error count information added to the CAN frame after `netif rx()` may be accessed after the `skb` has been freed or reused, leading to a potential use-after-free. The issue is resolved by postponing the `netif rx()` call in case of `txerr` and `rxerr` reporting. **Recommendations** For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider postponing the `netif rx()` call in case of `txerr` and `rxerr` reporting to minimize the risk of exploitation.