Linux Kernel Vulnerability in CAN Stack Communication Handling
CVE-2020-36789

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 17 April 2025

Summary

A vulnerability in the Linux kernel's CAN stack allows for a potential NULL pointer dereference when a driver invokes the function can_get_echo_skb() during hardware IRQ contexts. This occurs particularly under conditions of network congestion. The underlying issue stems from the inappropriate use of kfree_skb() instead of the safer dev_kfree_skb_irq() function. To mitigate this, the patched version now ensures proper reference counting through skb_get() and defers the freeing of the socket buffer (skb) to more appropriate context-aware functions. Although similar concerns were flagged in 2017, this iteration specifically addresses the CAN devices' unique scenarios to enhance system stability.

Affected Version(s)

Linux 39549eef3587f1c1e8c65c88a2400d10fd30ea17 < 248b71ce92d4f3a574b2537f9838f48e892618f4

Linux 39549eef3587f1c1e8c65c88a2400d10fd30ea17 < 451187b20431924d13fcfecc500d7cd2d9951bac

Linux 39549eef3587f1c1e8c65c88a2400d10fd30ea17 < 3a922a85701939624484e7f2fd07d32beed00d25

References

https://git.kernel.org/stable/c/248b71ce92d4f3a574b2537f9...

https://git.kernel.org/stable/c/451187b20431924d13fcfecc5...

https://git.kernel.org/stable/c/3a922a85701939624484e7f2f...

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Feb 26, 2024