Description
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds If the "struct can_priv::echoo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a meaningful warning message and return with an error.
References (5)
Core 5
Core References
Mailing List, Patch
https://git.kernel.org/stable/c/0d30931f1fa0fb893fb7d5dc32b6b7edfb775be4
Mailing List, Patch
https://git.kernel.org/stable/c/53c468008a7c9ca3f5fc985951f35ec2acae85bc
Mailing List, Patch
https://git.kernel.org/stable/c/6411959c10fe917288cbb1038886999148560057
Mailing List, Patch
https://git.kernel.org/stable/c/826120c9ba68f2d0dbae58e99013929c883d1444
Mailing List, Patch
https://git.kernel.org/stable/c/8ab67da060157362b2e0926692c659808784708f
Scores
CVSS v3
5.5
EPSS
0.0002
EPSS Percentile
3.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (1)
linux/linux_kernel
2.6.33 - 5.15.139
Published
May 21, 2024
Tracked Since
Feb 18, 2026