CVE-2025-71182

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: j1939: make j1939_session_activate() fail if device is no longer registered

syzbot is still reporting

unregister_netdevice: waiting for vcan0 to become free. Usage count = 2

even after commit 93a27b5891b8 ("can: j1939: add missing calls in NETDEV_UNREGISTER notification handler") was added. A debug printk() patch found that j1939_session_activate() can succeed even after j1939_cancel_active_session() from j1939_netdev_notify(NETDEV_UNREGISTER) has completed.

Since j1939_cancel_active_session() is processed with the session list lock held, checking ndev->reg_state in j1939_session_activate() with the session list lock held can reliably close the race window.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < ebb0dfd718dd31c8d3600612ca4b7207ec3d923aaffected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < c3a4316e3c746af415c0fd6c6d489ad13f53714daffected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 46ca9dc978923c5e1247a9e9519240ba7ace413caffected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 78d87b72cebe2a993fd5b017e9f14fb6278f2eaeaffected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < ba6f0d1832eeb5eb3a6dc5cb30e0f720b3cb3536affected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 79dd3f1d9dd310c2af89b09c71f34d93973b200faffected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 5d5602236f5db19e8b337a2cd87a90ace5ea776daffected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.10.248 <= 5.10.*unaffected
LinuxLinux5.15.198 <= 5.15.*unaffected
LinuxLinux6.1.161 <= 6.1.*unaffected
LinuxLinux6.6.121 <= 6.6.*unaffected
LinuxLinux6.12.66 <= 6.12.*unaffected
LinuxLinux6.18.6 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References