CVE-2022-49863

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is caused by a NULL pointer dereference in the can rx register() function when testing the following scenario: (a) creating a netlink socket using syscall( NR socket, 0x10ul, 3ul, 0), (b) creating a bond link device and vxcan link device, and binding the vxcan device to the bond device using syscall( NR sendmsg, ...), (c) creating a CAN socket using syscall( NR socket, 0x1dul, 3ul, 1), and (d) binding the bond device to the CAN socket using syscall( NR bind, ...). The bond device invokes the can-raw protocol registration interface to receive CAN packets, but ml priv is not allocated to the dev, and dev rcv lists is assigned to NULL in can rx register(), resulting in a NULL pointer dereference issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.