Spin Lock Initialization Vulnerability in Linux Kernel Affecting CAN Devices
CVE-2025-37993
What is CVE-2025-37993?
A vulnerability exists in the Linux kernel in the initialization of the spin lock 'tx_handling_spinlock' within the 'm_can_classdev' structure. Because the spin lock is left uninitialized, sending CAN frames with 'cansend' from 'can-utils' may produce a 'spinlock bad magic' error in the kernel. This issue can lead to unexpected behavior and potential system instability. Initializing the spin lock in 'm_can_class_allocate_dev' resolves the issue.
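The following userspace model is an added example, not kernel or driver code. It shows why a lock that is never initialized fails the debug magic check, and why initializing it in the allocation helper fixes that. The `model_*` names, the zero-filled allocation and the transmit path that takes the lock are assumptions for illustration; `SPINLOCK_MAGIC` is the value the kernel's spinlock debugging compares against.

```c
#include <stdio.h>
#include <stdlib.h>

#define SPINLOCK_MAGIC 0xdead4eadu /* magic checked by kernel spinlock debugging */

/* Userspace stand-ins (hypothetical types): a debug-enabled spinlock, and
 * m_can_classdev reduced to the one lock named in the advisory. */
struct model_spinlock { unsigned int locked, magic; };
struct model_classdev { struct model_spinlock tx_handling_spinlock; };

static void model_spin_lock_init(struct model_spinlock *l)
{
    *l = (struct model_spinlock){ .locked = 0, .magic = SPINLOCK_MAGIC };
}

/* Returns 0 on success, -1 where the debug check would report "bad magic". */
static int model_spin_lock(struct model_spinlock *l)
{
    if (l->magic != SPINLOCK_MAGIC) {
        fprintf(stderr, "BUG: spinlock bad magic (magic=%08x)\n", l->magic);
        return -1;
    }
    l->locked = 1;
    return 0;
}

/* Models the allocation helper: zero-filled memory (assumption); the lock is
 * initialized only when do_init is set, which is the fixed behaviour. */
static struct model_classdev *model_allocate_dev(int do_init)
{
    struct model_classdev *cdev = calloc(1, sizeof(*cdev));
    if (cdev && do_init)
        model_spin_lock_init(&cdev->tx_handling_spinlock);
    return cdev;
}

/* Models a transmit path that takes the lock; 0 means the lock was usable. */
static int model_tx(struct model_classdev *cdev)
{
    if (model_spin_lock(&cdev->tx_handling_spinlock) != 0)
        return -1;
    cdev->tx_handling_spinlock.locked = 0; /* unlock after queuing the frame */
    return 0;
}

int main(void)
{
    struct model_classdev *bad = model_allocate_dev(0), *good = model_allocate_dev(1);
    if (!bad || !good) return 1;
    printf("without init: %d, with init: %d\n", model_tx(bad), model_tx(good));
    free(bad); free(good);
    return 0;
}
```

Zero-filled memory is not a valid lock state once the debug magic is checked, so the missing init call is caught on the first lock acquisition rather than at allocation time.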
Affected Version(s)
Linux 1fa80e23c15051edc1c594270517de3517ded798 < 2ecce25ea296f328d79070ee36229a15aeeb7aca
Linux 1fa80e23c15051edc1c594270517de3517ded798 < 7d5379cfecfdd665e4206bc4f19824656388779f
Linux 1fa80e23c15051edc1c594270517de3517ded798