CVE-2022-49659

can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits

Description

In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits In commit 1be37d3b0414 ("can: m_can: fix periph RX path: use rx-offload to ensure skbs are sent from softirq context") the RX path for peripheral devices was switched to RX-offload. Received CAN frames are pushed to RX-offload together with a timestamp. RX-offload is designed to handle overflows of the timestamp correctly, if 32 bit timestamps are provided. The timestamps of m_can core are only 16 bits wide. So this patch shifts them to full 32 bit before passing them to RX-offload.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/c7333f79888497bfd75dcd02a94eaf836dd1042c
https://git.kernel.org/stable/c/2a2914a5bd7f38efe55a8372178146de82e0bce9
https://git.kernel.org/stable/c/4c3333693f07313f5f0145a922f14a7d3c0f4f21

Frequently Asked Questions

What is the severity of CVE-2022-49659?
CVE-2022-49659 has not yet been assigned a CVSS score.
How to fix CVE-2022-49659?
To fix CVE-2022-49659, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49659 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49659 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49659?
CVE-2022-49659 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.