CVE-2022-49844

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: dev: fix skb drop check

In commit a6d190f8c767 ("can: skb: drop tx skb if in listen only mode") the priv->ctrlmode element is read even on virtual CAN interfaces that do not create the struct can_priv at startup. This out-of-bounds read may lead to CAN frame drops for virtual CAN interfaces like vcan and vxcan.

This patch mainly reverts the original commit and adds a new helper for CAN interface drivers that provide the required information in struct can_priv.

[mkl: patch pch_can, too]

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa6d190f8c7670068d8c154ef8477eca07b5e3574 < 386c49fe31ee748e053860b3bac7794a933ac9acaffected
LinuxLinuxa6d190f8c7670068d8c154ef8477eca07b5e3574 < ae64438be1923e3c1102d90fd41db7afcfaf54ccaffected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.0.9 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References