9 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: The issue was that can: ucan: introduced an out-of-bound read in the strscpy function’s source code. Commit 7fdaf8966aae “can: ucan: use strscpy instead of strncpy” inadvertently resulted in an out-of-bound read of one byte from...
CVE-2026-46103
In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...
CVE-2026-46103
CVE-2026-46103 affects the Linux kernel, specifically the USB stack where can: ucan fixes the devres lifetime. The root cause is that resources bound to USB interfaces were not guaranteed to outlive the parent USB device, leading to memory leaks when drivers unbind (e.g., during probe deferrals o...
CVE-2026-23298
A flaw was found in the Linux kernel's CAN Controller Area Network ucan driver. This vulnerability allows a connected ucan device to send a message with a zero-length field. Such a message can trigger an infinite loop within the driver, causing the system to hang. This ultimately leads to a denia...
CVE-2026-23298 can: ucan: Fix infinite loop from zero-length messages
In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucanreadbulkcallback, hanging the system. If the lengt...
PT-2026-27663
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s ucan component that can lead to a system hang. Specifically, if a malfunctioning ucan device receives a message with a message length field set to 0,...
DEBIAN-CVE-2025-22003
In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix out of bound read in strscpy source Commit 7fdaf8966aae "can: ucan: use strscpy to instead of strncpy" unintentionally introduced a one byte out of bound read on strscpy's source argument which is kind of ironic...
AZL-59826 CVE-2025-22003 affecting package kernel for versions less than 6.6.85.1-2
In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix out of bound read in strscpy source Commit 7fdaf8966aae "can: ucan: use strscpy to instead of strncpy" unintentionally introduced a one byte out of bound read on strscpy's source argument which is kind of ironic...
UBUNTU-CVE-2025-22003
In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix out of bound read in strscpy source Commit 7fdaf8966aae "can: ucan: use strscpy to instead of strncpy" unintentionally introduced a one byte out of bound read on strscpy's source argument which is kind of ironic...