CVE-2022-49844

can: dev: fix skb drop check

Description

In the Linux kernel, the following vulnerability has been resolved: can: dev: fix skb drop check In commit a6d190f8c767 ("can: skb: drop tx skb if in listen only mode") the priv->ctrlmode element is read even on virtual CAN interfaces that do not create the struct can_priv at startup. This out-of-bounds read may lead to CAN frame drops for virtual CAN interfaces like vcan and vxcan. This patch mainly reverts the original commit and adds a new helper for CAN interface drivers that provide the required information in struct can_priv. [mkl: patch pch_can, too]

References

Link	Tags
https://git.kernel.org/stable/c/386c49fe31ee748e053860b3bac7794a933ac9ac	patch
https://git.kernel.org/stable/c/ae64438be1923e3c1102d90fd41db7afcfaf54cc	patch

Frequently Asked Questions

What is the severity of CVE-2022-49844?: CVE-2022-49844 has been scored as a high severity vulnerability.
How to fix CVE-2022-49844?: To fix CVE-2022-49844, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49844 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-49844 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49844?: CVE-2022-49844 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-125 – Out-of-bounds Read

References

Frequently Asked Questions