Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's CAN subsystem can cause virtual CAN interfaces, such as vcan and vxcan, to drop CAN frames. This issue arises from an out-of-bounds read related to the 'priv->ctrlmode' element, which is accessed even on virtual CAN interfaces that do not initialize the 'can_priv' structure at startup. The problem was introduced in a previous commit and has been addressed by reverting that change and implementing a new helper for CAN interface drivers to provide the necessary information.
Exploitation of this vulnerability can lead to unintended drops of CAN frames on affected virtual CAN interfaces.