Linux Kernel CAN Stack NULL Pointer Dereference Vulnerability in IRQ Context

Vulnerability

A vulnerability in the Linux kernel's CAN network stack can lead to a NULL pointer dereference. The issue arises when a driver calls 'can_get_echo_skb()' during a hardware interrupt: the call can trigger a warning and, under certain network congestion conditions, cause a NULL pointer dereference. The root cause is improper socket buffer (skb) memory management in hardware interrupt context. The vulnerability affects the CAN stack, which is an exception to the usual rule that loopback socket buffers should not be processed during hardware interrupts.

Impact

Exploiting this vulnerability can lead to a NULL pointer dereference, causing a kernel crash.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.