kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg()

A flaw was found in the Linux kernel's Controller Area Network CAN ISO-TP isotp module. This vulnerability, known as a use-after-free, occurs when the system attempts to free a memory region while it is still being used. A local attacker could trigger this condition by sending a signal that...

kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg()

A flaw was found in the Linux kernel's Controller Area Network CAN ISO-TP isotp module. This vulnerability, known as a use-after-free, occurs when the system attempts to free a memory region while it is still being used. A local attacker could trigger this condition by sending a signal that...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanclassallocatedev – The spin lock in struct mcanclassdev is not being initialized. This causes issues with spinlocks, as seen in complaints from the kernel, such as when trying to send CAN frames using cansend from...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbmod: Skip non-Ethernet packets Currently, tcfskbmodact assumes that packets use Ethernet as their L2 protocol, which is not always the case. For example, for CAN devices: bash $ ip link add dev vcan0 type vcan $ ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: can: mcan: pci: added the missing mcanclassfreedev function in probe/remove methods. In mcanpciremove and the error handling path of mcanpciprobe, mcanclassfreedev should be called to release resources allocated by...

kernel: can: j1939: j1939_session_new(): fix skb reference counting

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939sessionnew: fix skb reference counting Since j1939sessionskbqueue does an extra skbget for each new skb, do the same for the initial one in j1939sessionnew to avoid refcount underflow. mkl: clean up commit messag...

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

CVE-2026-49317

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2026-37534

Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...

CVE-2026-49316

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

CVE-2026-49318

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2026-49318 Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

EUVD-2026-33313

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2026-49317

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2026-49317 Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

EUVD-2026-33293

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The 2025 version of the Indian Motorcycle Scout Bobber + Tech has security vulnerabilities. These vulnerabilities arise from attackers exploiting a flaw in the wireless...

PT-2026-44851

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...