CVE-2025-21775

can: ctucanfd: handle skb allocation failure

Description

In the Linux kernel, the following vulnerability has been resolved: can: ctucanfd: handle skb allocation failure If skb allocation fails, the pointer to struct can_frame is NULL. This is actually handled everywhere inside ctucan_err_interrupt() except for the only place. Add the missed NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/84b9ac59978a6a4e0812d1c938fad97306272cef patch
https://git.kernel.org/stable/c/e505b83b9ee6aa0ae2f4395f573a66579ae403fb patch
https://git.kernel.org/stable/c/b0e592dd46a0a952b41c3bf6c963afdd6a42b526 patch
https://git.kernel.org/stable/c/e7e2e2318b1f085044126ba553a4e619842fc36d patch
https://git.kernel.org/stable/c/9bd24927e3eeb85642c7baa3b28be8bea6c2a078 patch

Frequently Asked Questions

What is the severity of CVE-2025-21775?
CVE-2025-21775 has been scored as a medium severity vulnerability.
How to fix CVE-2025-21775?
To fix CVE-2025-21775, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21775 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21775 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21775?
CVE-2025-21775 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.