Linux Kernel CAN BCM Locking Vulnerability in Runtime Updates

Vulnerability

A vulnerability in the Linux kernel's CAN broadcast manager (CAN BCM) has been addressed. The issue arose because CAN BCM can send a sequence of CAN frames via hrtimer, with the content and length of the sequence adjustable at runtime. This dynamic modification, although initially thought to be safe, allowed user space to trigger updates to the 'currframe' counter, resetting it to zero. Exploitation could lead to a KASAN slab-out-of-bounds read access. The vulnerability has been mitigated by adding a spin lock to protect the 'count' variable, which can be altered from both user space and hrtimer context.

Impact

Exploitation of this vulnerability could lead to a KASAN slab-out-of-bounds read access.

Added: Jun 8, 2025, 11:16 AM

Updated: Jun 8, 2025, 11:16 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.1

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.1

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel CAN BCM Locking Vulnerability in Runtime Updates

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating