CVE-2026-49316

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

CVE-2026-49316

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

CVE-2026-49316 Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

EUVD-2026-33293

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

CVE-2026-49316

The CVE-2026-49316 entry describes an in-vehicle CAN bus‑level fault: an adjacent-network attacker can force the Wireless Control Module (WCM) into bus‑off via a CAN error‑frame‑injection technique against periodic WCM transmissions. This drives the WCM CAN controller’s transmit error counter pas...

CVE-2026-49316 Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

CVE-2026-49316

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

PT-2026-44850

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

Azure Linux 3.0 Security Update: kernel (CVE-2024-56651)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56651 advisory. - In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110canist: fix potential...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: can: netlink: canchangelink: fixed the NULL pointer dereference in struct canpriv::dosetmode. Andrei Lalaev reported a NULL pointer dereference when a CAN device is restarted from a Bus Off state, and the driver does not implemen...

EUVD-2023-57863

Malicious code in bioql PyPI...

SUSE CVE-2025-38665

In the Linux kernel, the following vulnerability has been resolved: can: netlink: canchangelink: fix NULL pointer deref of struct canpriv::dosetmode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct...

AZL-73638 CVE-2025-38665 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: can: netlink: canchangelink: fix NULL pointer deref of struct canpriv::dosetmode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct...

CVE-2025-38665

CVE-2025-38665 (Linux kernel CAN): A NULL pointer dereference in netlink can_changelink() when restarting a CAN device, due to missing can_priv::do_set_mode callback. Two code paths call this callback: manual restart via can_changelink() and delayed automatic restart after bus off. The fix preven...

CVE-2025-38665 can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode

In the Linux kernel, the following vulnerability has been resolved: can: netlink: canchangelink: fix NULL pointer deref of struct canpriv::dosetmode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct...

CVE-2023-5563

The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIGCANAUTOBUSOFFRECOVERY=y. This results in calling ksleep in IRQ context, causing a fatal exception...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110canist – fixed the potential use-after-free issue. The commit a22bd630cfff “can: hi311x: do not report txerr and rxerr during bus-off” removed the reporting of rxerr and txerr even in cases where the operation...

PT-2025-34426

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference issue was identified in the Linux kernel’s CAN Controller Area Network subsystem. Specifically, the issue occurs within the can changelink function when a CA...

DEBIAN-CVE-2024-56651

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110canist: fix potential use-after-free The commit a22bd630cfff "can: hi311x: do not report txerr and rxerr during bus-off" removed the reporting of rxerr and txerr even in case of correct operation i. e. not...

AZL-54884 CVE-2024-56651 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110canist: fix potential use-after-free The commit a22bd630cfff "can: hi311x: do not report txerr and rxerr during bus-off" removed the reporting of rxerr and txerr even in case of correct operation i. e. not...