Out-of-Bounds Read in Linux Kernel Affects Virtual CAN Interfaces
CVE-2022-49844
7.1HIGH
What is CVE-2022-49844?
A vulnerability in the Linux kernel can lead to out-of-bounds reads on virtual CAN interfaces, specifically vcan and vxcan. This issue occurs when the 'priv->ctrlmode' element is accessed on interfaces that do not initialize the 'struct can_priv', resulting in potential data leakage and CAN frame drops. The original commit was reverted, and a new helper function was introduced to mitigate this flaw in CAN interface drivers.
Affected Version(s)
Linux a6d190f8c7670068d8c154ef8477eca07b5e3574 < 386c49fe31ee748e053860b3bac7794a933ac9ac
Linux a6d190f8c7670068d8c154ef8477eca07b5e3574
Linux 6.0