CVE-2025-38665
published 2025-08-22
medium 5.5 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
In the Linux kernel, the following vulnerability has been resolved:
can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode
Andrei Lalaev reported a NULL pointer deref when a CAN device is
restarted from Bus Off and the driver does not implement the struct
can_priv::do_set_mode callback.
There are 2 code paths that call struct can_priv::do_set_mode:
- directly by a manual restart from the user space, via
can_changelink()
- delayed automatic restart after bus off (deactivated by default)
To prevent the NULL pointer dereference, refuse a manual restart or
configure the automatic restart delay in can_changelink() and report
the error via extack to user space.
As an additional safety measure let can_restart() return an error if
can_priv::do_set_mode is not set instead of dereferencing it
unchecked.
Affected
32 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.148-1 (bookworm) | linux 6.1.148-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.148-1 (bookworm) | linux 6.1.148-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 39549eef3587f1c1e8c65c88a2400d10fd30ea17 < 6bbcf37c5114926c99a1d1e6993a5b35689d2599 | 6bbcf37c5114926c99a1d1e6993a5b35689d2599 |
| linux | linux | >= 39549eef3587f1c1e8c65c88a2400d10fd30ea17 < cf81a60a973358dea163f6b14062f17831ceb894 | cf81a60a973358dea163f6b14062f17831ceb894 |
| linux | linux | >= 39549eef3587f1c1e8c65c88a2400d10fd30ea17 < 0ca816a96fdcf32644c80cbe7a82c7b6ce6ddda5 | 0ca816a96fdcf32644c80cbe7a82c7b6ce6ddda5 |
| linux | linux | >= 39549eef3587f1c1e8c65c88a2400d10fd30ea17 < 6acceb46180f9e160d4f0c56fcaf39ba562822ae | 6acceb46180f9e160d4f0c56fcaf39ba562822ae |
| linux | linux | >= 39549eef3587f1c1e8c65c88a2400d10fd30ea17 < c1f3f9797c1f44a762e6f5f72520b2e520537b52 | c1f3f9797c1f44a762e6f5f72520b2e520537b52 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.148-1 | 6.1.148-1 |
| linux | linux_kernel | >= 0 < 6.12.41-1 | 6.12.41-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 2.6.31 < 6.1.148 | 6.1.148 |
| linux | linux_kernel | >= 6.13 < 6.15.9 | 6.15.9 |
| linux | linux_kernel | >= 6.2 < 6.6.101 | 6.6.101 |
| linux | linux_kernel | >= 6.7 < 6.12.41 | 6.12.41 |
| msrc | azl3_kernel_6.6.96.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.96.2-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.200.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.202.1-1_on_cbl_mariner_2.0 | — | — |
| ubuntu | linux-aws | — | — |
| ubuntu | linux-aws-6.8 | — | — |
CVSS provenance
nvd: v3.1, 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv: 5.5 MEDIUM