5.5

CVE-2025-38665

can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode

In the Linux kernel, the following vulnerability has been resolved:

can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode

Andrei Lalaev reported a NULL pointer deref when a CAN device is
restarted from Bus Off and the driver does not implement the struct
can_priv::do_set_mode callback.

There are 2 code path that call struct can_priv::do_set_mode:
- directly by a manual restart from the user space, via
  can_changelink()
- delayed automatic restart after bus off (deactivated by default)

To prevent the NULL pointer deference, refuse a manual restart or
configure the automatic restart delay in can_changelink() and report
the error via extack to user space.

As an additional safety measure let can_restart() return an error if
can_priv::do_set_mode is not set instead of dereferencing it
unchecked.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.31 < 6.1.148
LinuxLinux Kernel Version >= 6.2 < 6.6.101
LinuxLinux Kernel Version >= 6.7 < 6.12.41
LinuxLinux Kernel Version >= 6.13 < 6.15.9
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
LinuxLinux Kernel Version6.16 Updaterc3
LinuxLinux Kernel Version6.16 Updaterc4
LinuxLinux Kernel Version6.16 Updaterc5
LinuxLinux Kernel Version6.16 Updaterc6
LinuxLinux Kernel Version6.16 Updaterc7
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.033
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/6bbcf37c5114926c99a1d1e6993a5b35689d2599
Patch
https://git.kernel.org/stable/c/cf81a60a973358dea163f6b14062f17831ceb894
Patch
https://git.kernel.org/stable/c/0ca816a96fdcf32644c80cbe7a82c7b6ce6ddda5
Patch
https://git.kernel.org/stable/c/6acceb46180f9e160d4f0c56fcaf39ba562822ae
Patch
https://git.kernel.org/stable/c/c1f3f9797c1f44a762e6f5f72520b2e520537b52
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory