Linux Kernel CAN ISOTP Address Family Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's CAN ISOTP implementation allowed a socket to be bound with an incorrect address family. The isotp_bind function did not validate the address family in the supplied socket address, so a bind specifying AF_XDP was accepted where AF_CAN is required. The flaw had no functional impact on the kernel itself, but it could leave userspace applications processing incorrect address family information.

Impact

Exploitation of this vulnerability could result in userspace applications receiving incorrect address family information, potentially leading to miscommunication or errors in CAN protocol handling.

Reproduction

The issue can be reproduced by binding a CAN ISOTP socket with the AF_XDP address family instead of AF_CAN: a userspace application creates the socket, fills in a socket address whose family is AF_XDP, and calls bind. Without the validation, isotp_bind accepts the request and the incorrect address family is used.
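The following probe is an added example written for this advisory; it is not code from the advisory or from the kernel tree. It performs the bind described above with the wrong family and reports whether the running kernel rejects it, which is the check an administrator can use to confirm the remediation is in place. It assumes a CAN interface named vcan0 (any CAN interface name can be passed as the first argument), uses constructed CAN IDs 0x7E0/0x7E8, and assumes that a fixed kernel answers the mismatched family with EINVAL. The isotp_validate_family function is a userspace model of the check the remediation adds, written here for illustration rather than copied from the kernel.

```c
#include <errno.h>
#include <net/if.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/can.h>

/* Fallbacks for older userspace headers; the values are the Linux uapi constants. */
#ifndef AF_XDP
#define AF_XDP 44
#endif
#ifndef CAN_ISOTP
#define CAN_ISOTP 6
#endif

/* Outcome of a bind() attempt that deliberately passes the wrong address family. */
enum family_check {
    FAMILY_CHECK_ENFORCED, /* bind() failed with EINVAL: the kernel rejects a non-AF_CAN family */
    FAMILY_CHECK_MISSING,  /* bind() succeeded: the family was not validated */
    FAMILY_CHECK_UNKNOWN   /* ISOTP unavailable, no such interface, or an unrelated error */
};

/* Userspace model of the check the remediation adds to isotp_bind(): the
 * address must be large enough and its family must be AF_CAN, else -EINVAL.
 * Written for this example; it is not the kernel's own code. */
int isotp_validate_family(const struct sockaddr_can *addr, socklen_t len)
{
    if (len < sizeof(*addr))
        return -EINVAL;
    if (addr->can_family != AF_CAN)
        return -EINVAL;
    return 0;
}

/* Translate bind()'s return value and errno into one of the outcomes above. */
enum family_check classify_bind_result(int rc, int err)
{
    if (rc == 0)
        return FAMILY_CHECK_MISSING;
    if (err == EINVAL)
        return FAMILY_CHECK_ENFORCED;
    return FAMILY_CHECK_UNKNOWN;
}

/* Open a CAN_ISOTP socket and bind it on ifname with can_family set to AF_XDP
 * instead of AF_CAN, the exact mismatch the advisory describes. A kernel with
 * the fix is expected to answer EINVAL; one without it accepts the bind. */
enum family_check probe_isotp_family_check(const char *ifname)
{
    struct sockaddr_can addr;
    unsigned int ifindex = if_nametoindex(ifname);
    int fd, rc, err;

    if (ifindex == 0) {
        perror("if_nametoindex");
        return FAMILY_CHECK_UNKNOWN;
    }

    fd = socket(PF_CAN, SOCK_DGRAM, CAN_ISOTP);
    if (fd < 0) {
        /* EPROTONOSUPPORT here means the can-isotp module is not available */
        perror("socket(PF_CAN, SOCK_DGRAM, CAN_ISOTP)");
        return FAMILY_CHECK_UNKNOWN;
    }

    memset(&addr, 0, sizeof(addr));
    addr.can_family = AF_XDP;          /* the wrong family, on purpose */
    addr.can_ifindex = (int)ifindex;
    addr.can_addr.tp.tx_id = 0x7E0;    /* constructed, arbitrary 11-bit CAN IDs */
    addr.can_addr.tp.rx_id = 0x7E8;

    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    err = errno;
    close(fd);
    return classify_bind_result(rc, err);
}

int main(int argc, char **argv)
{
    const char *ifname = argc > 1 ? argv[1] : "vcan0"; /* assumed interface name */
    static const char *const names[] = {
        "enforced (kernel has the fix)", "missing (kernel lacks the fix)", "unknown"
    };
    enum family_check r = probe_isotp_family_check(ifname);
    printf("isotp_bind() address family validation on %s: %s\n", ifname, names[r]);
    return 0;
}
```

Run it on a host with a virtual CAN interface up (for example one created with `ip link add vcan0 type vcan` and brought up); an "unknown" result means the probe could not reach isotp_bind at all, not that the kernel is fixed, so it should be read together with the perror output.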

Remediation

The vulnerability has been addressed in Linux kernel versions that include the upstream commit c6adf659a8ba85913e16a571d5a9bcd17d3d1234. Users should upgrade to a version that includes this commit.

Added: Dec 24, 2025, 3:30 PM
Updated: Dec 24, 2025, 3:30 PM

Vulnerability Rating

Custom Algorithm

  spread          9.0
  impact          0.6
  exploitability  5.7
  remediation     7.7
  relevance       1.7
  threat          4.8
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.