CVE-2025-37993

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.15.0-rc3

Description A vulnerability in the Linux kernel has been resolved, related to the initialization of a spin lock in the m can classdev struct. The issue occurs when trying to send CAN frames, resulting in a "spinlock bad magic" complaint from the kernel. This problem is solved by initializing the spin lock in m can class allocate dev.

Recommendations For Linux kernel versions prior to 6.15.0-rc3, initialize the spin lock tx handling spinlock in m can class allocate dev to resolve the issue. As a temporary workaround, consider disabling the m can start xmit function until a patch is available. Restrict access to the m can classdev struct to minimize the risk of exploitation. Avoid using the cansend utility from can-utils until the issue is resolved.