Out-of-Bounds Read in Linux Kernel Affects Virtual CAN Interfaces
CVE-2022-49844

7.1HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2025

Summary

A vulnerability in the Linux kernel can lead to out-of-bounds reads on virtual CAN interfaces, specifically vcan and vxcan. This issue occurs when the 'priv->ctrlmode' element is accessed on interfaces that do not initialize the 'struct can_priv', resulting in potential data leakage and CAN frame drops. The original commit was reverted, and a new helper function was introduced to mitigate this flaw in CAN interface drivers.

Affected Version(s)

Linux a6d190f8c7670068d8c154ef8477eca07b5e3574 < 386c49fe31ee748e053860b3bac7794a933ac9ac

Linux a6d190f8c7670068d8c154ef8477eca07b5e3574

Linux 6.0

References

https://git.kernel.org/stable/c/386c49fe31ee748e053860b3b...

https://git.kernel.org/stable/c/ae64438be1923e3c1102d90fd...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
May 1, 2025