CVE-2022-48977

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: af_can: fix NULL pointer dereference in can_rcv_filter

Analogue to commit 8aa59e355949 ("can: af_can: fix NULL pointer dereference in can_rx_register()") we need to check for a missing initialization of ml_priv in the receive path of CAN frames.

Since commit 4e096a18867a ("net: introduce CAN specific pointer in the struct net_device") the check for dev->type to be ARPHRD_CAN is not sufficient anymore since bonding or tun netdevices claim to be CAN devices but do not initialize ml_priv accordingly.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4ac1feff6ea6495cbfd336f4438a6c6d140544a6 < 3982652957e8d79ac32efcb725450580650a8644affected
LinuxLinux1a5751d58b14195f763b8c1d9ef33fb8a93e95e7 < c42221efb1159d6a3c89e96685ee38acdce86b6faffected
LinuxLinux4e096a18867a5a989b510f6999d9c6b6622e8f7b < c142cba37de29f740a3852f01f59876af8ae462aaffected
LinuxLinux4e096a18867a5a989b510f6999d9c6b6622e8f7b < fcc63f2f7ee3038d53216edd0d8291e57c752557affected
LinuxLinux4e096a18867a5a989b510f6999d9c6b6622e8f7b < 0acc442309a0a1b01bcdaa135e56e6398a49439caffected
LinuxLinux96340078d50a54f6a1252c62596bc44321c8bff9affected
LinuxLinux5.4.110 < 5.4.227affected
LinuxLinux5.10.28 < 5.10.159affected
LinuxLinux5.11.12 < 5.12affected
LinuxLinux5.12affected
LinuxLinux0 < 5.12unaffected
LinuxLinux5.4.227 <= 5.4.*unaffected
LinuxLinux5.10.159 <= 5.10.*unaffected
LinuxLinux5.15.83 <= 5.15.*unaffected
LinuxLinux6.0.13 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References