PT-2025-17216 · Linux · Linux Kernel

Published

2025-04-17

·

Updated

2025-05-21

·

CVE-2020-36789

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the CAN network stack of the Linux kernel has been resolved. The issue occurs when a driver calls can_get_echo_skb() from a hardware IRQ context: this can trigger a kernel warning and risks a NULL pointer dereference, because the socket buffer is released with kfree_skb() instead of dev_kfree_skb_irq(). The root cause is the incorrect freeing of the socket buffer (skb) inside the netif_rx() call. The patch prevents this by taking an additional reference on the skb before passing it to netif_rx() and then releasing it with dev_consume_skb_any() or dev_kfree_skb_any(), both of which are safe in any context. This issue was first reported in 2017, but the patch proposed at that time was not accepted.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

CVE-2020-36789
OESA-2025-1465
OPENSUSE-SU-2025_01633-1
SUSE-SU-2025:01600-1
SUSE-SU-2025:01633-1
SUSE-SU-2025:1574-1
SUSE-SU-2025_01600-1
SUSE-SU-2025_01633-1

Affected Products

Astra Linux
Linux Kernel
Suse