Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's CAN (Controller Area Network) error message handling. The issue arises in the function 'es58x_rx_err_msg()', where a failure in 'can->do_set_mode()' causes the function to return prematurely, leaving a socket buffer (skb) allocated by 'alloc_can_err_skb()' unfreed. This behavior creates a memory leak. The vulnerability has been addressed by modifying the function to remove the early return in the error handling path, allowing for proper cleanup of the allocated skb.
Exploitation of this vulnerability leads to a memory leak, causing increased memory usage that is not released back to the system.
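The early-return pattern described above, and the shape of its fix, can be reproduced in a small user-space model. This is an added example, not the kernel driver's code: the fixed-size pool, the error values and every `model_*`, `pool_*` and `rx_err_msg_*` name are hypothetical stand-ins for the skb allocator, `can->do_set_mode()` and `es58x_rx_err_msg()`.

```c
#include <stdio.h>
/* User-space model only: all names are hypothetical stand-ins, not kernel
 * code. A fixed pool replaces the skb allocator so leaks can be counted. */
#define POOL_SLOTS 8
static unsigned char pool_used[POOL_SLOTS];

static int model_alloc(void)          /* slot index, or -1 if exhausted */
{
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!pool_used[i]) { pool_used[i] = 1; return i; }
    return -1;
}
static void model_release(int slot) { pool_used[slot] = 0; }
static int pool_in_use(void)
{
    int n = 0;
    for (int i = 0; i < POOL_SLOTS; i++) n += pool_used[i];
    return n;
}

/* Stand-in for can->do_set_mode(): nonzero means failure (model value). */
static int model_set_mode(int fail) { return fail ? -5 : 0; }

/* Before: the error branch returns early, so the buffer is never released. */
static int rx_err_msg_leaky(int set_mode_fails)
{
    int slot = model_alloc();
    if (slot < 0) return -12;         /* pool exhausted (model value) */
    int ret = model_set_mode(set_mode_fails);
    if (ret)
        return ret;                   /* leak: slot stays marked in use */
    model_release(slot);
    return 0;
}

/* After: no early return; the common tail that releases the buffer runs. */
static int rx_err_msg_fixed(int set_mode_fails)
{
    int slot = model_alloc();
    if (slot < 0) return -12;
    int ret = model_set_mode(set_mode_fails);
    model_release(slot);              /* reached on success and on failure */
    return ret;
}

int main(void)
{
    for (int i = 0; i < 3; i++) rx_err_msg_leaky(1);
    printf("slots still in use after 3 failures: %d\n", pool_in_use());
}
```

In the model, each failing event in the leaky handler pins one slot until the pool is exhausted and even healthy events are refused, while the fixed handler returns the same error code with no slots left in use.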