11 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: can: mcbausb: fixed a memory leak in mcbausb Syzbot reported a memory leak in the SocketCAN driver for the Microchip CAN BUS Analyzer Tool. The problem was in the unfreed usbcoherent component. In mcbausbstart, 20 coherent...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: The mcbausb driver lacks the implementation of netdeviceops-ndochangemtu, which prevents buffer overflows. Sending a PFPACKET message allows bypassing the CAN driver’s logic and directly accessing the xmit function. The only chec...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004401)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004401 advisory. In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcbausb.c driver, aka...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003989)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003989 advisory. In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcbausb.c driver, aka...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000206)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000206 advisory. In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcbausb.c driver, aka...
Linux Distros Unpatched Vulnerability : CVE-2025-39985
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit...
EUVD-2025-34587
In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...
CVE-2025-39985
In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...
AZL-68474 CVE-2025-39985 affecting package kernel for versions less than 6.6.112.1-1
In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...
UBUNTU-CVE-2025-39985
In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...
PT-2025-42260
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's mcba usb CAN driver related to handling PF PACKET sockets and CAN XL frames. Specifically, the driver lacks proper MTU validation through the ndo chan...