50 matches found
ROS-20260211-73-0004
A vulnerability in the net/can/bcm.c component of the Linux kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability may allow an attacker to gain access to confidential data, violate its integrity, and cause denial of service...
ROS-20260205-73-0001
A vulnerability in the net/can/bcm.c component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability may allow an attacker to gain access to sensitive data and also cause a denial of service...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001493)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001493 advisory. net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are...
Linux Distros Unpatched Vulnerability : CVE-2021-32606
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel 5.11 through 5.12.2, isotpsetsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. This does not...
Linux Distros Unpatched Vulnerability : CVE-2021-3609
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash...
The vulnerability of the bcm_release() function in the net/can/bcm.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the bcmrelease function in the net/can/bcm.c module of the Linux kernel is related to the reutilization of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...
CVE-2024-42076
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939sendone syzbot reported kernel-infoleak in rawrecvmsg 1. j1939sendone creates full frame including unused data, but it doesn't initialize it. This causes the kernel-infoleak issue...
CVE-2024-42076 net: can: j1939: Initialize unused data in j1939_send_one()
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939sendone syzbot reported kernel-infoleak in rawrecvmsg 1. j1939sendone creates full frame including unused data, but it doesn't initialize it. This causes the kernel-infoleak issue...
kernel: NULL pointer dereference in can_rcv_filter
A NULL pointer dereference issue was found in the can protocol in net/can/afcan.c in the Linux kernel, where mlpriv may not be initialized in the receive path of CAN frames. This flaw allows a local user to crash the system or cause a denial of service...
Linux Kernel af_can.c Denial of Service Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux Kernel that stems from a null pointer dereference issue found in the CAN protocol in net/can/afcan.c. mlpriv may not be...
CVE-2023-2166
A null pointer dereference issue was found in can protocol in net/can/afcan.c in the Linux before Linux. mlpriv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service...
K17957133: Linux kernel vulnerability CVE-2019-3701
Security Advisory Description An issue was discovered in cancangwrcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the candlc field. Because of a missing check, the CAN drivers may write arbitrary...
NewStart CGSL MAIN 6.02 : kernel Vulnerability (NS-SA-2022-0099)
The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by a vulnerability: - In the Linux kernel before 5.4.16, a race condition in tty-discdata handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824...
Double Free
Linux kernel is vulnerable to double free. The vulnerability exists in usb8devstartxmit in drivers/net/can/usb/usb8dev.c because is no need to call devkfreeskb when usbsubmiturb fails because canputechoskb deletes original skb and canfreeechoskb deletes the cloned skb causing a double free...
Ubuntu 16.04 ESM : Linux kernel (Azure) vulnerabilities (USN-5541-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5541-1 advisory. Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some...
Double Free
linux is vulnerable to double free. The vulnerability exists due to a memory corruption in the mcbausbstartxmit in drivers/net/can/usb/mcbausb.c which allow an attacker to cause an application crash...
CVE-2022-28388
CVE-2022-28388 affects the Linux kernel driver usb_8dev_start_xmit (drivers/net/can/usb/usb_8dev.c). The vulnerability is a double free in the function usb_8dev_start_xmit, present up to kernel versions including 5.17.1. Documents reference a commit addressing the issue and mention downstream adv...
CVE-2022-28390
emsusbstartxmit in drivers/net/can/usb/emsusb.c in the Linux kernel through 5.17.1 has a double free...
Mageia: Security Advisory (MGASA-2021-0366)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2020-0183)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...