SB2025022725 - Input validation error in Linux kernel can
Published: February 27, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025022725
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2022-49269)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the isotp_bind() function in net/can/isotp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3ea566422cbde9610c2734980d1286ab681bb40e
- https://git.kernel.org/stable/c/7b4652fc71dcec043977a6def80ef5034c913615
- https://git.kernel.org/stable/c/cf522d741f5301223cc94b978eb1603c7590d65e
- https://git.kernel.org/stable/c/d72866a7f5326160d2a9d945a33eb6ef1883e25d
- https://git.kernel.org/stable/c/f343dbe82314ab457153c9afd970be4e9e553020
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.33