Buffer Handling Issue in Kvaser PCIEFD CAN Driver for Linux Kernel
CVE-2025-38224

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 July 2025

What is CVE-2025-38224?

A vulnerability has been discovered in the Kvaser PCI Express FD CAN driver within the Linux kernel, where the echo_skb_max handling logic is improperly managed. Specifically, the maximum size for echo_skb[] is incorrectly rounded up to the nearest power of two, which can lead to out-of-bounds memory access under certain conditions. This flaw was reported by the Linux Verification Center using Syzkaller, highlighting a potential for accessing invalid memory addresses during the acknowledgment packet handling process, posing risks of data corruption or system instability during CAN operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 352fbde14177d608a54120b6ff559ce5b3cf6238

Linux 8256e0ca601051933e9395746817f3801fa9a6bf

Linux 8256e0ca601051933e9395746817f3801fa9a6bf < 54ec8b08216f3be2cc98b33633d3c8ea79749895

References

https://git.kernel.org/stable/c/d8a054b6e6824a8b52c3977eb...
https://git.kernel.org/stable/c/a6550c9aa11e2f57f9cdaa624...
https://git.kernel.org/stable/c/54ec8b08216f3be2cc98b3363...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.