CVE-2022-49844
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: dev: fix skb drop check
In commit a6d190f8c767 ("can: skb: drop tx skb if in listen only mode") the priv->ctrlmode element is read even on virtual CAN interfaces that do not create the struct can_priv at startup. This out-of-bounds read may lead to CAN frame drops for virtual CAN interfaces like vcan and vxcan.
This patch mainly reverts the original commit and adds a new helper for CAN interface drivers that provide the required information in struct can_priv.
[mkl: patch pch_can, too]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a6d190f8c7670068d8c154ef8477eca07b5e3574 < 386c49fe31ee748e053860b3bac7794a933ac9ac | affected |
| Linux | Linux | a6d190f8c7670068d8c154ef8477eca07b5e3574 < ae64438be1923e3c1102d90fd41db7afcfaf54cc | affected |
| Linux | Linux | 6.0 | affected |
| Linux | Linux | 0 < 6.0 | unaffected |
| Linux | Linux | 6.0.9 <= 6.0.* | unaffected |
| Linux | Linux | 6.1 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://git.kernel.org/stable/c/386c49fe31ee748e053860b3bac7794a933ac9ac
- https://git.kernel.org/stable/c/ae64438be1923e3c1102d90fd41db7afcfaf54cc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.