CVE-2022-48830

EPSS 0.01%
Veröffentlicht 16.07.2024 12:15:06
Zuletzt bearbeitet 25.09.2025 19:22:00
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

can: isotp: fix potential CAN frame reception race in isotp_rcv()

In the Linux kernel, the following vulnerability has been resolved:

can: isotp: fix potential CAN frame reception race in isotp_rcv()

When receiving a CAN frame the current code logic does not consider
concurrently receiving processes which do not show up in real world
usage.

Ziyang Xuan writes:

The following syz problem is one of the scenarios. so->rx.len is
changed by isotp_rcv_ff() during isotp_rcv_cf(), so->rx.len equals
0 before alloc_skb() and equals 4096 after alloc_skb(). That will
trigger skb_over_panic() in skb_put().

=======================================================
CPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.16.0-rc8-syzkaller #0
RIP: 0010:skb_panic+0x16c/0x16e net/core/skbuff.c:113
Call Trace:
 <TASK>
 skb_over_panic net/core/skbuff.c:118 [inline]
 skb_put.cold+0x24/0x24 net/core/skbuff.c:1990
 isotp_rcv_cf net/can/isotp.c:570 [inline]
 isotp_rcv+0xa38/0x1e30 net/can/isotp.c:668
 deliver net/can/af_can.c:574 [inline]
 can_rcv_filter+0x445/0x8d0 net/can/af_can.c:635
 can_receive+0x31d/0x580 net/can/af_can.c:665
 can_rcv+0x120/0x1c0 net/can/af_can.c:696
 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5465
 __netif_receive_skb+0x24/0x1b0 net/core/dev.c:5579

Therefore we make sure the state changes and data structures stay
consistent at CAN frame reception time by adding a spin_lock in
isotp_rcv(). This fixes the issue reported by syzkaller but does not
affect real world operation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 6 VulnDex Vulnerability Enrichment 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.10 < 5.10.101

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.24

Linux ≫ Linux Kernel Version >= 5.16 < 5.16.10

Linux ≫ Linux Kernel Version5.17 Updaterc1

Linux ≫ Linux Kernel Version5.17 Updaterc2

Linux ≫ Linux Kernel Version5.17 Updaterc3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.021

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/5b068f33bc8acfcfd5ea7992a2dafb30d89bad30

Patch

https://git.kernel.org/stable/c/7b53d2204ce79b27a878074a77d64f40ec21dbca

Patch

https://git.kernel.org/stable/c/7c759040c1dd03954f650f147ae7175476d51314

Patch

https://git.kernel.org/stable/c/f90cc68f9f4b5d8585ad5d0a206a9d37ac299ef3

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-48830

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48830

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48830

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-48830