CVE-2025-38224

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0

Description: A vulnerability in the Linux kernel has been resolved, related to the kvaser pciefd driver. The issue involves the echo skb max handling logic, which defines the supported upper limit of echo skb[] allocated inside the netdevice's priv. The size value provided by this driver to alloc candev() is KVASER PCIEFD CAN TX MAX COUNT, which is 17. However, echo skb max is rounded up to the nearest power of two, causing the tx/ack indices calculated during tx/rx to exceed the upper array boundary. This has been reported by Kasan for the ack case inside kvaser pciefd handle ack packet(). The vulnerability affects the kvaser pciefd handle ack packet() function and the kvaser pciefd read packet() function.

Recommendations: For Linux kernel versions prior to 6.15.0, update to version 6.15.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the kvaser pciefd driver to minimize the risk of exploitation. Avoid using the echo skb max variable in the affected API endpoints until the issue is resolved.