Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotpsendmsg isotpsendmsg only uses cmpxchg on so-tx.state to serialize access to so-tx.buf. isotprelease waits for ISOTPIDLE via waiteventinterruptible, then calls kfreeso-tx.buf. If a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In isotp.bind, a check for the CAN address family was added. This prevents bindings that use non-AFCAN address families from being allowed. The Syzbot team created some code that matches the correct sockaddr structure size, but i...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: can: isotp: sanitize CAN ID checks in isotpBind Syzbot created an environment that led to a state machine status that cannot be reached with a compliant CAN ID address configuration. The provided address information consisted of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: isotp: isotpsendmsg: add result check for waiteventinterruptible Using waiteventinterruptible to wait for complete transmission, but do not check the result of waiteventinterruptible which can be interrupted. It will result ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In the isotprcv function, there is a potential issue regarding the reception of CAN frames. Currently, the current code logic does not take into account processes that are receiving CAN frames concurrently and that do not appear ...

CVE-2026-37532

AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotpcontinuereceive receive.c:87-89, the payloadlength for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8...

CVE-2026-37532

AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotpcontinuereceive receive.c:87-89, the payloadlength for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8...

PT-2026-36509

Name of the Vulnerable Software and Affected Versions openxc/isotp-c versions prior to commit 5a5d19245f65189202719321facd49ce6f5d46ac Description An out-of-bounds read exists in the ISO-TP Single Frame receive handler. The issue occurs because the 4-bit payload length nibble is used directly as...

CVE-2026-37532

CVE-2026-37532 affects AGL agl-service-can-low-level up to version 17.1.12, with a heap buffer over-read in the isotp-c library. In isotp_continue_receive, payload_length for a Single Frame is read from a 4-bit nibble, yielding 0–15, but a standard CAN frame has only 8 bytes and payload starts at...

PT-2026-36507

Name of the Vulnerable Software and Affected Versions AGL agl-service-can-low-level versions prior to 17.1.12 Description A heap buffer over-read exists in the isotp-c library. In the isotp continue receive function, the payload length for a Single Frame is extracted from a 4-bit nibble in the CA...

CVE-2026-37532

AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotpcontinuereceive receive.c:87-89, the payloadlength for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8...

CVE-2026-37532

AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotpcontinuereceive receive.c:87-89, the payloadlength for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8...

EUVD-2026-24827

In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotpsendmsg isotpsendmsg uses only cmpxchg on so-tx.state to serialize access to so-tx.buf. isotprelease waits for ISOTPIDLE via waiteventinterruptible and then calls kfreeso-tx.buf. If a...

CVE-2026-31474

In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotpsendmsg isotpsendmsg uses only cmpxchg on so-tx.state to serialize access to so-tx.buf. isotprelease waits for ISOTPIDLE via waiteventinterruptible and then calls kfreeso-tx.buf. If a...

CVE-2026-31474 can: isotp: fix tx.buf use-after-free in isotp_sendmsg()

In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotpsendmsg isotpsendmsg uses only cmpxchg on so-tx.state to serialize access to so-tx.buf. isotprelease waits for ISOTPIDLE via waiteventinterruptible and then calls kfreeso-tx.buf. If a...

CVE-2026-31474

The CVE-2026-31474 issue affects the Linux kernel’s CAN ISO-TP (isotp) path. The bug is a use-after-free involving isotp_sendmsg() and the so->tx.buf buffer: if a signal interrupts wait_event_interruptible() inside close() while tx.state is ISOTP_SENDING, the release path may free so->tx.bu...

PT-2026-34379

In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotp sendmsg isotp sendmsg uses only cmpxchg on so-tx.state to serialize access to so-tx.buf. isotp release waits for ISOTP IDLE via wait event interruptible and then calls kfreeso-tx.buf...

Linux Distros Unpatched Vulnerability : CVE-2026-31474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: isotp: fix tx.buf use-after-free in isotpsendmsg isotpsendmsg uses only cmpxchg on so-tx.state to serialize access to so-tx.buf. isotprelease waits for...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013451)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013451 advisory. In the Linux kernel 5.11 through 5.12.2, isotpsetsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. This does not affect...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010749)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010749 advisory. In the Linux kernel 5.11 through 5.12.2, isotpsetsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. This does not affect...