We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-48977

can: af_can: fix NULL pointer dereference in can_rcv_filter



Description

In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rcv_filter Analogue to commit 8aa59e355949 ("can: af_can: fix NULL pointer dereference in can_rx_register()") we need to check for a missing initialization of ml_priv in the receive path of CAN frames. Since commit 4e096a18867a ("net: introduce CAN specific pointer in the struct net_device") the check for dev->type to be ARPHRD_CAN is not sufficient anymore since bonding or tun netdevices claim to be CAN devices but do not initialize ml_priv accordingly.

Reserved 2024-08-22 | Published 2024-10-21 | Updated 2024-11-04 | Assigner Linux

Product status

Default status
unaffected

4ac1feff6ea6 before 3982652957e8
affected

1a5751d58b14 before c42221efb115
affected

4e096a18867a before c142cba37de2
affected

4e096a18867a before fcc63f2f7ee3
affected

4e096a18867a before 0acc442309a0
affected

Default status
affected

5.12
affected

Any version before 5.12
unaffected

5.4.227
unaffected

5.10.159
unaffected

5.15.83
unaffected

6.0.13
unaffected

6.1
unaffected

References

git.kernel.org/...c/3982652957e8d79ac32efcb725450580650a8644

git.kernel.org/...c/c42221efb1159d6a3c89e96685ee38acdce86b6f

git.kernel.org/...c/c142cba37de29f740a3852f01f59876af8ae462a

git.kernel.org/...c/fcc63f2f7ee3038d53216edd0d8291e57c752557

git.kernel.org/...c/0acc442309a0a1b01bcdaa135e56e6398a49439c

cve.org (CVE-2022-48977)

nvd.nist.gov (CVE-2022-48977)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2022-48977

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.