Buffer Overflow Vulnerability in sun4i_can Driver Can Affect Kernel Versions
CVE-2025-39987
What is CVE-2025-39987?
A buffer overflow vulnerability exists in the sun4i_can driver in the Linux kernel, caused by improper handling of MTU (Maximum Transmission Unit) settings. An attacker can manipulate the MTU value and then send a malicious CAN XL frame directly to the CAN driver. The driver misinterprets this frame as a standard CAN frame, and the validation checks performed during packet transmission are not sufficient to reject it. As a result, the driver may process a frame with an oversized length, which can overflow during memory operations. The mitigation is for the driver to implement the net_device_ops->ndo_change_mtu() method so that MTU size restrictions are enforced, which prevents this exploitation path.
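
The following user-space C model is an added illustration, not code from the kernel, the driver or this advisory. It places the missing MTU restriction beside the check an ndo_change_mtu() handler would enforce for a controller assumed to be classic-CAN-only, plus a length-validated copy. All model_* names are hypothetical; the values 16 and 8 are the classic CAN frame size and payload limit defined in linux/can.h.

```c
/* User-space model of the checks described above; not kernel or driver code. */
#include <errno.h>
#include <stdint.h>
#include <string.h>
#define CAN_MAX_DLEN 8   /* payload bytes of a classic CAN frame */
#define CAN_MTU      16  /* sizeof(struct can_frame) in linux/can.h */
/* Stand-in with the same layout as struct can_frame (hypothetical name). */
struct model_can_frame {
    uint32_t can_id;
    uint8_t  len;
    uint8_t  pad[3];
    uint8_t  data[CAN_MAX_DLEN];
};
_Static_assert(sizeof(struct model_can_frame) == CAN_MTU, "layout");
struct model_netdev { unsigned int mtu; };

/* No MTU callback: any requested value is stored (the flawed state). */
int model_change_mtu_unchecked(struct model_netdev *dev, int new_mtu)
{
    dev->mtu = (unsigned int)new_mtu;
    return 0;
}

/* MTU callback for a classic-CAN-only controller: only CAN_MTU is valid. */
int model_change_mtu(struct model_netdev *dev, int new_mtu)
{
    if (new_mtu != CAN_MTU)
        return -EINVAL;
    dev->mtu = (unsigned int)new_mtu;
    return 0;
}

/* A sender-side check that only compares the buffer length with the MTU. */
int model_len_fits_mtu(const struct model_netdev *dev, size_t buf_len)
{
    return buf_len <= dev->mtu;
}

/* Defensive transmit copy: exact frame size and len <= 8, else reject. */
int model_xmit_copy(const uint8_t *buf, size_t buf_len, uint8_t out[CAN_MAX_DLEN])
{
    struct model_can_frame cf;
    if (buf_len != CAN_MTU)
        return -EINVAL;
    memcpy(&cf, buf, sizeof(cf));
    if (cf.len > CAN_MAX_DLEN)
        return -EINVAL;
    memcpy(out, cf.data, cf.len);
    return cf.len;
}
```

With the unchecked handler, a buffer much larger than a CAN frame passes the length-versus-MTU test; with the restricted handler the MTU stays at 16 and the same buffer is refused before it reaches the copy.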

Affected Version(s)
Linux 57e83fb9b7468c75cb65cde1d23043553c346c6d
Linux 57e83fb9b7468c75cb65cde1d23043553c346c6d < 8f351db6b2367991f0736b2cff082f5de4872113
Linux 57e83fb9b7468c75cb65cde1d23043553c346c6d < 7ab85762274c0fa997f0ef9a2307b2001aae43c4