Memory Allocation Issue in Linux Kernel Affects CAN Frame Handling
CVE-2025-21775

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

A memory allocation issue has been identified in the Linux kernel that affects the handling of CAN frame structures. Specifically, if the socket buffer (skb) allocation fails, the pointer to the can_frame structure becomes NULL. Although most functions within ctucan_err_interrupt() properly handle this NULL pointer scenario, there exists a location where this check is omitted, potentially leading to undefined behavior. This vulnerability was discovered by the Linux Verification Center using the SVACE static analysis tool, emphasizing the need for consistent error handling in kernel code.

Affected Version(s)

Linux 2dcb8e8782d8e4c38903bf37b1a24d3ffd193da7 < 84b9ac59978a6a4e0812d1c938fad97306272cef

Linux 2dcb8e8782d8e4c38903bf37b1a24d3ffd193da7

References

https://git.kernel.org/stable/c/84b9ac59978a6a4e0812d1c93...

https://git.kernel.org/stable/c/e505b83b9ee6aa0ae2f4395f5...

https://git.kernel.org/stable/c/b0e592dd46a0a952b41c3bf6c...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Dec 29, 2024