Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: The mcbausb driver fails to populate the ndochangemtu function, allowing for a buffer overflow. Sending a PFPACKET message allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The onl...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: can: mcbausb: fixed a memory leak in mcbausb Syzbot reported a memory leak in the SocketCAN driver for the Microchip CAN BUS Analyzer Tool. The problem occurred in unfreeing the usbcoherent object. In the mcbausbstart function...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004401)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004401 advisory. In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcbausb.c driver, aka...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003989)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003989 advisory. In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcbausb.c driver, aka...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000206)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000206 advisory. In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcbausb.c driver, aka...

Linux Distros Unpatched Vulnerability : CVE-2025-39985

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit...

EUVD-2025-34587

In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...

CVE-2025-39985

In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...

AZL-68474 CVE-2025-39985 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...

UBUNTU-CVE-2025-39985

In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...

PT-2025-42260

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's mcba usb CAN driver related to handling PF PACKET sockets and CAN XL frames. Specifically, the driver lacks proper MTU validation through the ndo chan...