SB20250502154 - Out-of-bounds read in Linux kernel net can driver
Published: May 2, 2025 Updated: May 10, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2022-49844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xcan_start_xmit() function in drivers/net/can/xilinx_can.c, within the usb_8dev_start_xmit() function in drivers/net/can/usb/usb_8dev.c, within the ucan_start_xmit() function in drivers/net/can/usb/ucan.c, within the peak_usb_ndo_start_xmit() function in drivers/net/can/usb/peak_usb/pcan_usb_core.c, within the mcba_usb_start_xmit() function in drivers/net/can/usb/mcba_usb.c, within the kvaser_usb_start_xmit() function in drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c, within the gs_can_start_xmit() function in drivers/net/can/usb/gs_usb.c, within the es58x_start_xmit() function in drivers/net/can/usb/etas_es58x/es58x_core.c, within the esd_usb_start_xmit() function in drivers/net/can/usb/esd_usb.c, within the ems_usb_start_xmit() function in drivers/net/can/usb/ems_usb.c, within the ti_hecc_xmit() function in drivers/net/can/ti_hecc.c, within the sun4ican_start_xmit() function in drivers/net/can/sun4i_can.c, within the mcp251xfd_start_xmit() function in drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c, within the mcp251x_hard_start_xmit() function in drivers/net/can/spi/mcp251x.c, within the hi3110_hard_start_xmit() function in drivers/net/can/spi/hi311x.c, within the softing_netdev_start_xmit() function in drivers/net/can/softing/softing_main.c, within the slcan_netdev_xmit() function in drivers/net/can/slcan/slcan-core.c, within the sja1000_start_xmit() function in drivers/net/can/sja1000/sja1000.c, within the rcar_canfd_start_xmit() function in drivers/net/can/rcar/rcar_canfd.c, within the rcar_can_start_xmit() function in drivers/net/can/rcar/rcar_can.c, within the peak_canfd_start_xmit() function in drivers/net/can/peak_canfd/peak_canfd.c, within the pch_xmit() function in drivers/net/can/pch_can.c, within the mscan_start_xmit() function in drivers/net/can/mscan/mscan.c, within the m_can_start_xmit() function in drivers/net/can/m_can/m_can.c, within the kvaser_pciefd_start_xmit() function in drivers/net/can/kvaser_pciefd.c, within the ican3_xmit() function in drivers/net/can/janz-ican3.c, within the ifi_canfd_start_xmit() function in drivers/net/can/ifi_canfd/ifi_canfd.c, within the grcan_start_xmit() function in drivers/net/can/grcan.c, within the flexcan_start_xmit() function in drivers/net/can/flexcan/flexcan-core.c, within the can_skb_headroom_valid() and can_dropped_invalid_skb() functions in drivers/net/can/dev/skb.c, within the ctucan_start_xmit() function in drivers/net/can/ctucanfd/ctucanfd_base.c, within the cc770_start_xmit() function in drivers/net/can/cc770/cc770.c, within the can327_netdev_start_xmit() function in drivers/net/can/can327.c, within the c_can_start_xmit() function in drivers/net/can/c_can/c_can_main.c, within the at91_start_xmit() function in drivers/net/can/at91_can.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.