CVE-2025-21775

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: ctucanfd: handle skb allocation failure

If skb allocation fails, the pointer to struct can_frame is NULL. This is actually handled everywhere inside ctucan_err_interrupt() except for the only place.

Add the missed NULL check.

Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2dcb8e8782d8e4c38903bf37b1a24d3ffd193da7 < 84b9ac59978a6a4e0812d1c938fad97306272cefaffected
LinuxLinux2dcb8e8782d8e4c38903bf37b1a24d3ffd193da7 < e505b83b9ee6aa0ae2f4395f573a66579ae403fbaffected
LinuxLinux2dcb8e8782d8e4c38903bf37b1a24d3ffd193da7 < b0e592dd46a0a952b41c3bf6c963afdd6a42b526affected
LinuxLinux2dcb8e8782d8e4c38903bf37b1a24d3ffd193da7 < e7e2e2318b1f085044126ba553a4e619842fc36daffected
LinuxLinux2dcb8e8782d8e4c38903bf37b1a24d3ffd193da7 < 9bd24927e3eeb85642c7baa3b28be8bea6c2a078affected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.1.129 <= 6.1.*unaffected
LinuxLinux6.6.79 <= 6.6.*unaffected
LinuxLinux6.12.16 <= 6.12.*unaffected
LinuxLinux6.13.4 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References