CVE-2025-40107

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled

This issue is similar to the vulnerability in the mcp251x driver, which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from sleep before interface was brought up").

In the hi311x driver, when the device resumes from sleep, the driver schedules priv->restart_work. However, if the network interface was not previously enabled, the priv->wq (workqueue) is not allocated and initialized, leading to a null pointer dereference.

To fix this, we move the allocation and initialization of the workqueue from the hi3110_open function to the hi3110_can_probe function. This ensures that the workqueue is properly initialized before it is used during device resume. And added logic to destroy the workqueue in the error handling paths of hi3110_can_probe and in the hi3110_can_remove function to prevent resource leaks.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux57e83fb9b7468c75cb65cde1d23043553c346c6d < d1fc4c041459e2d4856c1b2501486ba4f0cbf96baffected
LinuxLinux57e83fb9b7468c75cb65cde1d23043553c346c6d < e93af787187e585933570563c643337fa731584aaffected
LinuxLinux57e83fb9b7468c75cb65cde1d23043553c346c6d < 1d2ef21f02baff0c109ad78b9e835fb4acb14533affected
LinuxLinux57e83fb9b7468c75cb65cde1d23043553c346c6d < fd00cf38fd437c979f0e5905e3ebdfc3f55a4b96affected
LinuxLinux57e83fb9b7468c75cb65cde1d23043553c346c6d < 6b696808472197b77b888f50bc789a3bae077743affected
LinuxLinux4.12affected
LinuxLinux0 < 4.12unaffected
LinuxLinux6.1.156 <= 6.1.*unaffected
LinuxLinux6.6.111 <= 6.6.*unaffected
LinuxLinux6.12.52 <= 6.12.*unaffected
LinuxLinux6.16.12 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References