CVE-2022-49845

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: j1939: j1939_send_one(): fix missing CAN header initialization

The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled elements in struct can_frame.

This patch initializes the 8 byte CAN header with zero.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < d0513b095e1ef1469718564dec3fb3348556d0a8affected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < f8e0edeaa0f2b860bdbbf0aafb4492533043d650affected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 69e86c6268d59ceddd0abe9ae8f1f5296f316c3caffected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 2719f82ad5d8199cf5f346ea8bb3998ad5323b72affected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 3eb3d283e8579a22b81dd2ac3987b77465b2a22faffected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.225 <= 5.4.*unaffected
LinuxLinux5.10.155 <= 5.10.*unaffected
LinuxLinux5.15.79 <= 5.15.*unaffected
LinuxLinux6.0.9 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References