CVE-2025-39988

CVE-2025-39988 (Linux kernel) describes a buffer overflow in the etas_es58x CAN driver when MTU is set beyond CAN_MTU/CANFD_MTU via PF_PACKET, enabling crafted CAN XL frames to bypass canDev checks. Root cause: net_device_ops->ndo_change_mtu() not populated, allowing invalid MTU configuration ...