CVE-2025-38665 - Linux Kernel CAN NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-38665
Published : Aug. 22, 2025, 4:15 p.m. | 41 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct can_priv::do_set_mode callback. There are 2 code path that call struct can_priv::do_set_mode: - directly by a manual restart from the user space, via can_changelink() - delayed automatic restart after bus off (deactivated by default) To prevent the NULL pointer deference, refuse a manual restart or configure the automatic restart delay in can_changelink() and report the error via extack to user space. As an additional safety measure let can_restart() return an error if can_priv::do_set_mode is not set instead of dereferencing it unchecked.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

from Latest Vulnerabilities https://ift.tt/q6C0jQR
via IFTTT

CVE-2025-38665 - Linux Kernel CAN NULL Pointer Dereference Vulnerability

Post a Comment

CVE-2025-0842 | Library-Card-System | SQL Injection Admin Login Bypass In admin.php | Found By Maloy Roy Orko

Categories

Main Tags

Contact Form

Latest Posts

Popular Posts

CVE-2025-0842 | Library-Card-System | SQL Injection Admin Login Bypass In admin.php | Found By Maloy Roy Orko

Needyamin | Library-Card-System 1.0 | card.php?id= SQL Injection | Found By Maloy Roy Orko

CVE-2025-0721 | Image_Gallery | view.php?username= | Cross Site Scripting (Reflected XSS) | Found By Maloy Roy Orko

Contact Form