Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's J1939 implementation has been addressed in the 'j1939_send_one()' function. The CAN header of a socket buffer created by J1939 was not initialized, which left some of its elements uninitialized. Read access to this improperly initialized CAN frame structure could potentially lead to undefined behavior. The patch corrects this by ensuring the 8-byte CAN header is properly initialized to zero.
The vulnerability could lead to undefined behavior due to read access to an uninitialized CAN frame, potentially allowing for exploitation through the J1939 protocol.
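The defect class described above, modelled in user space as an added example (not the kernel's code and not the actual patch). The struct, macro and function names are assumptions that mirror a classic CAN frame layout of a 4-byte ID, a length byte and three further header bytes ahead of the payload; the ID, payload and 0xA5 fill pattern are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model of a classic CAN frame: 8-byte header, then payload. */
struct model_can_frame {
    uint32_t can_id;
    uint8_t  len;
    uint8_t  pad, res0, len8_dlc;   /* header bytes a sender may forget */
    uint8_t  data[8];
};
#define MODEL_CAN_HDR offsetof(struct model_can_frame, data)   /* 8 bytes */

/* 'Before': only the ID and length are set, the rest of the header is not. */
static void build_unsafe(struct model_can_frame *cf, uint32_t id,
                         const uint8_t *p, uint8_t n)
{
    cf->can_id = id;
    cf->len = n;
    memcpy(cf->data, p, n);
}

/* 'After': zero the whole 8-byte header before filling in the fields. */
static void build_fixed(struct model_can_frame *cf, uint32_t id,
                        const uint8_t *p, uint8_t n)
{
    memset(cf, 0, MODEL_CAN_HDR);
    build_unsafe(cf, id, p, n);
}

/* Count header bytes after 'len' that still hold leftover memory. */
static int stale_header_bytes(const struct model_can_frame *cf)
{
    const uint8_t *b = (const uint8_t *)cf;
    int n = 0;
    for (size_t i = offsetof(struct model_can_frame, pad); i < MODEL_CAN_HDR; i++)
        n += (b[i] != 0);
    return n;
}

/* Build one frame in memory pre-filled with a constructed stale pattern. */
static int demo(int fixed)
{
    struct model_can_frame cf;
    const uint8_t payload[3] = { 0x01, 0x02, 0x03 };   /* constructed sample */
    memset(&cf, 0xA5, sizeof cf);   /* stands in for previous buffer contents */
    (fixed ? build_fixed : build_unsafe)(&cf, 0x18EEFF00u, payload, 3);
    return stale_header_bytes(&cf);
}
```

`demo(0)` reports the header bytes that any later reader of the frame would see as leftover memory; `demo(1)` shows that zeroing the header first removes them.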