Description
In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rcv_filter Analogue to commit 8aa59e355949 ("can: af_can: fix NULL pointer dereference in can_rx_register()") we need to check for a missing initialization of ml_priv in the receive path of CAN frames. Since commit 4e096a18867a ("net: introduce CAN specific pointer in the struct net_device") the check for dev->type to be ARPHRD_CAN is not sufficient anymore since bonding or tun netdevices claim to be CAN devices but do not initialize ml_priv accordingly.
References (5)
Core 5
Core References
Scores
CVSS v3
5.5
EPSS
0.0024
EPSS Percentile
15.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (22)
linux/Kernel
< 5.4.227linux
linux/Kernel
5.11.0 - 5.15.83linux
linux/Kernel
5.12.0 - 6.0.13linux
linux/Kernel
5.5.0 - 5.10.159linux
Linux/Linux
< 5.12
Linux/Linux
1a5751d58b14195f763b8c1d9ef33fb8a93e95e7 - c42221efb1159d6a3c89e96685ee38acdce86b6f
Linux/Linux
4ac1feff6ea6495cbfd336f4438a6c6d140544a6 - 3982652957e8d79ac32efcb725450580650a8644
Linux/Linux
4e096a18867a5a989b510f6999d9c6b6622e8f7b - 0acc442309a0a1b01bcdaa135e56e6398a49439c
Linux/Linux
4e096a18867a5a989b510f6999d9c6b6622e8f7b - c142cba37de29f740a3852f01f59876af8ae462a
Linux/Linux
4e096a18867a5a989b510f6999d9c6b6622e8f7b - fcc63f2f7ee3038d53216edd0d8291e57c752557
... and 12 more
Published
Oct 21, 2024
Tracked Since
Feb 18, 2026