PT-2025-18561 · Linux+1 · Linux Kernel+1
Published: 2022-11-02 · Updated: 2025-05-02
CVE-2022-49844
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel's CAN (Controller Area Network) device driver has been resolved. The issue is an out-of-bounds read of the priv->ctrlmode element, which occurs even on virtual CAN interfaces that do not create the can_priv structure at startup. This can lead to the loss of CAN frames on virtual CAN interfaces such as vcan and vxcan. The patch mainly reverts the original commit and adds a new helper for CAN interface drivers to provide the required information in the can_priv structure.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
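The defect class from the Description, as a user-space model added here for illustration; it is not the kernel's code or the upstream patch. All names (model_netdev, model_can_priv, the three check functions) and the flag value are hypothetical, and the split into a shared check plus a driver-only helper is an assumption about the shape of the fix based on the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define MODEL_LISTENONLY 0x02u            /* constructed flag for this model */
#define MODEL_MAX_LEN    8u               /* classic CAN payload limit */

struct model_can_priv { uint32_t ctrlmode; };  /* stands in for can_priv */

struct model_netdev {
    size_t priv_len;       /* bytes of driver-private data that follow */
    uint32_t priv[];       /* zero length on vcan/vxcan-like devices */
};

struct model_netdev *model_alloc(size_t priv_len)
{
    struct model_netdev *d = calloc(1, sizeof(*d) + priv_len);
    if (d)
        d->priv_len = priv_len;
    return d;
}

/* "Before" pattern: the shared check assumes private data always exists.
 * With priv_len == 0 the ctrlmode load is past the allocation, so this
 * function is shown for comparison and is never called on such a device. */
int flawed_drop_check(const struct model_netdev *d, size_t len)
{
    const struct model_can_priv *p = (const void *)d->priv;
    return (p->ctrlmode & MODEL_LISTENONLY) || len > MODEL_MAX_LEN;
}

/* "After" pattern, part 1: the shared check never touches private data,
 * so virtual interfaces can call it safely. */
int generic_drop_check(size_t len)
{
    return len > MODEL_MAX_LEN;
}

/* Part 2: the ctrlmode test lives in a helper meant only for drivers that
 * allocated the private structure; the size guard is defence in depth. */
int hw_drop_check(const struct model_netdev *d, size_t len)
{
    if (d->priv_len >= sizeof(struct model_can_priv)) {
        const struct model_can_priv *p = (const void *)d->priv;
        if (p->ctrlmode & MODEL_LISTENONLY)
            return 1;
    }
    return generic_drop_check(len);
}
```

In the flawed form, whether a frame on a virtual interface is dropped depends on whatever memory follows the allocation, which matches the frame loss the description reports for vcan and vxcan.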
Exploit
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel