5.5

CVE-2025-21775

can: ctucanfd: handle skb allocation failure

In the Linux kernel, the following vulnerability has been resolved:

can: ctucanfd: handle skb allocation failure

If skb allocation fails, the pointer to struct can_frame is NULL. This
is actually handled everywhere inside ctucan_err_interrupt() except for
the only place.

Add the missed NULL check.

Found by Linux Verification Center (linuxtesting.org) with SVACE static
analysis tool.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.19 < 6.1.129
LinuxLinux Kernel Version >= 6.2 < 6.6.79
LinuxLinux Kernel Version >= 6.7 < 6.12.16
LinuxLinux Kernel Version >= 6.13 < 6.13.4
LinuxLinux Kernel Version6.14 Updaterc1
LinuxLinux Kernel Version6.14 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.108
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/84b9ac59978a6a4e0812d1c938fad97306272cef
Patch
https://git.kernel.org/stable/c/9bd24927e3eeb85642c7baa3b28be8bea6c2a078
Patch
https://git.kernel.org/stable/c/b0e592dd46a0a952b41c3bf6c963afdd6a42b526
Patch
https://git.kernel.org/stable/c/e505b83b9ee6aa0ae2f4395f573a66579ae403fb
Patch
https://git.kernel.org/stable/c/e7e2e2318b1f085044126ba553a4e619842fc36d
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html