Buffer Overflow Vulnerability in etas_es58x Driver for Linux Kernel
CVE-2025-39988
What is CVE-2025-39988?
A vulnerability exists in the etas_es58x driver within the Linux kernel, where an attacker can exploit the mishandling of the MTU configuration. The driver allows an invalid MTU to be set. By then sending a specially crafted PF_PACKET to the xmit() function, an attacker can bypass critical checks and inject malicious CAN XL frames, which the driver misinterprets, causing a buffer overflow and potential memory corruption. To mitigate this issue, validation has been implemented in the net_device_ops->ndo_change_mtu() function to restrict the MTU settings to safe values based on the device's capabilities.
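The MTU restriction described above, as a simplified user-space C model (an added example, not the kernel's or the driver's code). The struct, the function names and the sample values 9999 and 2060 are hypothetical; CAN_MTU and CANFD_MTU are the sizes of struct can_frame and struct canfd_frame.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define CAN_MTU   16   /* sizeof(struct can_frame)   */
#define CANFD_MTU 72   /* sizeof(struct canfd_frame) */

/* Hypothetical stand-in for the net_device fields used here. */
struct model_dev {
    unsigned int mtu;
    bool is_up;        /* interface administratively up */
    bool supports_fd;  /* controller can send CAN FD frames */
};

/* "Before": no MTU handler, so the requested value is simply stored. */
static int change_mtu_unchecked(struct model_dev *dev, int new_mtu)
{
    dev->mtu = (unsigned int)new_mtu;
    return 0;
}

/* "After": only frame sizes the device can handle are accepted. */
static int change_mtu_checked(struct model_dev *dev, int new_mtu)
{
    if (dev->is_up)
        return -EBUSY;   /* no MTU change under a running interface */
    if (new_mtu == CAN_MTU || (new_mtu == CANFD_MTU && dev->supports_fd)) {
        dev->mtu = (unsigned int)new_mtu;
        return 0;
    }
    return -EINVAL;      /* state is left untouched on rejection */
}

/* Length gate in front of xmit(): only as strict as the stored MTU. */
static bool len_fits_mtu(const struct model_dev *dev, size_t len)
{
    return len <= dev->mtu;
}

int main(void)
{
    struct model_dev dev = { CAN_MTU, false, false };
    change_mtu_unchecked(&dev, 9999);          /* constructed value */
    printf("unchecked: oversized frame passes = %d\n", len_fits_mtu(&dev, 2060));
    dev.mtu = CAN_MTU;
    printf("checked: rc = %d\n", change_mtu_checked(&dev, 9999));
    return 0;
}
```

With the checked handler the stored MTU can never exceed what the device supports, so the length gate rejects an oversized frame before it reaches the transmit path.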
Affected Version(s)
Linux 8537257874e949a59c834cecfd5a063e11b64b0b < 72de0facc50afdb101fb7197d880407f1abfc77f
Linux 8537257874e949a59c834cecfd5a063e11b64b0b
Linux 8537257874e949a59c834cecfd5a063e11b64b0b