PT-2024-10536 · Linux+6 · Linux Kernel+6

Ziyang Xuan

Published

2022-02-09

Updated

2025-11-12

CVE-2022-48830

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.16.0-rc8-syzkaller

Description The issue is related to a potential CAN frame reception race in the isotp rcv() function. When receiving a CAN frame, the current code logic does not consider concurrently receiving processes that do not show up in real-world usage. This can trigger skb over panic() in skb put(). The problem is fixed by adding a spin lock in isotp rcv() to ensure state changes and data structures stay consistent at CAN frame reception time.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the potential CAN frame reception race in isotp rcv(). As a temporary workaround, consider adding a spin lock in isotp rcv() to ensure state changes and data structures stay consistent at CAN frame reception time.

Exploit

Fix

Race Condition

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-667

Related Identifiers

ALSA-2025:20518

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALSA-2025_18281

ALSA-2025_19102

ALSA-2025_19103

ALSA-2025_19409

ALSA-2025_20518

BDU:2025-01087

CVE-2022-48830

INFSA-2025_20518

OPENSUSE-SU-2024_2947-1

RHSA-2025:20518

RHSA-2025_20518

SUSE-SU-2024:2894-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

Affected Products

Almalinux

Astra Linux

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

PT-2024-10536 · Linux+6 · Linux Kernel+6

CVE-2022-48830

Weakness Enumeration

Related Identifiers

Affected Products

References · 1465