CVE-2022-48977

can: af_can: fix NULL pointer dereference in can_rcv_filter

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved:

can: af_can: fix NULL pointer dereference in can_rcv_filter

Analogue to commit 8aa59e355949 ("can: af_can: fix NULL pointer
dereference in can_rx_register()") we need to check for a missing
initialization of ml_priv in the receive path of CAN frames.

Since commit 4e096a18867a ("net: introduce CAN specific pointer in the
struct net_device") the check for dev->type to be ARPHRD_CAN is not
sufficient anymore since bonding or tun netdevices claim to be CAN
devices but do not initialize ml_priv accordingly.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-22 CVE Reserved
2024-10-21 CVE Published
2024-10-26 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/4ac1feff6ea6495cbfd336f4438a6c6d140544a6	Vuln. Introduced
https://git.kernel.org/stable/c/1a5751d58b14195f763b8c1d9ef33fb8a93e95e7	Vuln. Introduced
https://git.kernel.org/stable/c/4e096a18867a5a989b510f6999d9c6b6622e8f7b	Vuln. Introduced
https://git.kernel.org/stable/c/96340078d50a54f6a1252c62596bc44321c8bff9	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3982652957e8d79ac32efcb725450580650a8644	2022-12-14
https://git.kernel.org/stable/c/c42221efb1159d6a3c89e96685ee38acdce86b6f	2022-12-14
https://git.kernel.org/stable/c/c142cba37de29f740a3852f01f59876af8ae462a	2022-12-14
https://git.kernel.org/stable/c/fcc63f2f7ee3038d53216edd0d8291e57c752557	2022-12-14
https://git.kernel.org/stable/c/0acc442309a0a1b01bcdaa135e56e6398a49439c	2022-12-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.110 < 5.4.227 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.110 < 5.4.227"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.28 < 5.10.159 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.28 < 5.10.159"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 5.15.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.15.83"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.0.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.0.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.11.12 Search vendor "Linux" for product "Linux Kernel" and version "5.11.12"		en		Affected