113 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanreadfifo,echotxevent: The shift timestamp is now set to 32 bits. In commit 1be37d3b0414 “can: mcan: fix periph RX path: use rx-offload to ensure that packets are sent from the softirq context”, the RX path for...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: can: pchcan; pchcanrxnormal: fix use after free After calling netifreceiveskbskb, dereferencing the skb is unsafe. In particular, the canframe field, which aliases memory associated with the skb, is dereferenced just after the ca...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939sessionactivate fail if the device is no longer registered. syzbot still reports that unregisternetdevice: waiting for vcan0 to become free. Usage count = 2. Even after commit 93a27b5891b8 “can: j1939: add...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Can: kvaserpciefd: refined error-prone handling of echoskbmax echoskbmax should define the supported upper limit for echoskb, which is allocated within the private space of the netdevice. The corresponding size value provided ...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007312)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007312 advisory. In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in j1939skmatchfilter during setsockoptSOJ1939FILTER Lock jsk-sk to prevent U...
SUSE CVE-2026-23298
In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucanreadbulkcallback, hanging the system. If the lengt...
SUSE CVE-2026-23362
In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcmop runtime updates Commit c2aba69d0c36 "can: bcm: add locking for bcmop runtime updates" added a locking for some variables that can be modified at runtime when updating the sending bcmop with a new...
EUVD-2026-15342
In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcmop runtime updates Commit c2aba69d0c36 "can: bcm: add locking for bcmop runtime updates" added a locking for some variables that can be modified at runtime when updating the sending bcmop with a new...
UBUNTU-CVE-2026-23362
In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcmop runtime updates Commit c2aba69d0c36 "can: bcm: add locking for bcmop runtime updates" added a locking for some variables that can be modified at runtime when updating the sending bcmop with a new...
CVE-2026-23298
In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucanreadbulkcallback, hanging the system. If the lengt...
UBUNTU-CVE-2026-23298
In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucanreadbulkcallback, hanging the system. If the lengt...
CVE-2025-32058
CVE-2025-32058 is evidenced in connected PT Security reports as a stack overflow in the v850 core when handling CBR in the Nissan Leaf ZE1 2020 infotainment ECU software stack. Root cause: improper stack handling in the v850 processing path. Documented impact: potential remote code execution (RCE...
CVE-2026-23155 can: gs_usb: gs_usb_receive_bulk_callback(): fix error message
In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix error message Sinc commit 79a6d1bfe114 "can: gsusb: gsusbreceivebulkcallback: unanchor URL on usbsubmiturb error" a failing resubmit URB will print an info message. In the case of a short...
SUSE CVE-2026-23080
In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: mcbausbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In mcbausbprobe - mcbausbstart, the URBs for USB-in transfe...
EUVD-2026-5463
In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: mcbausbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In mcbausbprobe - mcbausbstart, the URBs for USB-in transfe...
EUVD-2026-4637
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939xtprxrtssessionactive: deactivate session upon receiving the second rts Since j1939sessiondeactivateactivatenext in j1939tprxtimer is called only when the timer is enabled, we need to call...
CVE-2023-29389
Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated"...
CVE-2023-54105 can: isotp: check CAN address family in isotp_bind()
In the Linux kernel, the following vulnerability has been resolved: can: isotp: check CAN address family in isotpbind Add missing check to block non-AFCAN binds. Syzbot created some code which matched the right sockaddr struct size but used AFXDP 0x2C instead of AFCAN 0x1D in the address family...
SUSE CVE-2025-40107
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the mcp251x driver, which was fixed in commit 03c427147b2d "can: mcp251x: fix resume fr...
CVE-2025-39987
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKET...