PT-2019-4654 · Linux+3 · Linux Kernel+3
Muyu Yu · Published 2019-01-02 · Updated 2020-06-18 · CVE-2019-3701
CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions through 4.19.13
Description
The issue is a buffer overflow vulnerability in the can_can_gw_rcv function in net/can/gw.c of the Linux kernel. This vulnerability can be exploited to cause a denial of service. A privileged user with the CAP_NET_ADMIN capability can create a CAN frame modification rule that applies bitwise logical operations to the can_dlc field, potentially leading to a system crash. The vulnerability occurs because the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing manipulated outgoing frames.
Recommendations
For Linux kernel versions through 4.19.13, consider disabling the can_can_gw_rcv function as a temporary workaround until a patch is available. Restrict access to the CAP_NET_ADMIN capability to minimize the risk of exploitation. Avoid using the can_dlc field in CAN frame modification rules until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linux Kernel
Suse
Ubuntu
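
The Description above concerns a length field (can_dlc) that a gateway modification rule can change before a driver trusts it. The following user-space C model is an added example, not kernel code and not part of this advisory: it shows the length being re-validated after the bitwise operation and the frame being dropped when it exceeds the payload size. The struct, enum and function names are hypothetical, and the 8-byte limit is an assumption for classic CAN frames.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_DLEN 8 /* classic CAN payload bytes (assumed, mirrors CAN_MAX_DLEN) */

/* Hypothetical user-space model of a classic CAN frame, not the kernel struct. */
struct frame {
    uint32_t id;
    uint8_t  dlc;             /* payload length, valid range 0..8 */
    uint8_t  data[MAX_DLEN];
};

enum mod_op { MOD_AND, MOD_OR, MOD_XOR, MOD_SET };

/* Hypothetical gateway rule: one bitwise operation on the dlc field. */
struct dlc_rule {
    enum mod_op op;
    uint8_t     val;
};

static uint8_t apply_dlc_rule(uint8_t dlc, const struct dlc_rule *r)
{
    switch (r->op) {
    case MOD_AND: return dlc & r->val;
    case MOD_OR:  return dlc | r->val;
    case MOD_XOR: return dlc ^ r->val;
    case MOD_SET: return r->val;
    }
    return dlc;
}

/* Apply the rule, then re-validate the length before anything consumes it.
 * Returns 1 if the frame may be forwarded, 0 if it must be dropped. */
int gw_modify_and_check(struct frame *f, const struct dlc_rule *r)
{
    f->dlc = apply_dlc_rule(f->dlc, r);
    return f->dlc <= MAX_DLEN;
}

int main(void)
{
    struct frame f = { .id = 0x123, .dlc = 8 };   /* constructed sample frame */
    struct dlc_rule widen = { MOD_OR, 0x0F };     /* constructed sample rule */
    int ok = gw_modify_and_check(&f, &widen);
    printf("dlc=%u forward=%d\n", (unsigned)f.dlc, ok);
    return 0;
}
```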