-
CVE-2025-38665
- EPSS 0.03%
- Published 22.08.2025 16:02:57
- Last modified 22.08.2025 18:08:51
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct can_priv::do_set_mode callback. There are 2 code path that call struct can_priv::do_set_mode: - directly by a manual restart from the user space, via can_changelink() - delayed automatic restart after bus off (deactivated by default) To prevent the NULL pointer deference, refuse a manual restart or configure the automatic restart delay in can_changelink() and report the error via extack to user space. As an additional safety measure let can_restart() return an error if can_priv::do_set_mode is not set instead of dereferencing it unchecked.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
6bbcf37c5114926c99a1d1e6993a5b35689d2599
Version
39549eef3587f1c1e8c65c88a2400d10fd30ea17
Status
affected
Version <
cf81a60a973358dea163f6b14062f17831ceb894
Version
39549eef3587f1c1e8c65c88a2400d10fd30ea17
Status
affected
Version <
0ca816a96fdcf32644c80cbe7a82c7b6ce6ddda5
Version
39549eef3587f1c1e8c65c88a2400d10fd30ea17
Status
affected
Version <
6acceb46180f9e160d4f0c56fcaf39ba562822ae
Version
39549eef3587f1c1e8c65c88a2400d10fd30ea17
Status
affected
Version <
c1f3f9797c1f44a762e6f5f72520b2e520537b52
Version
39549eef3587f1c1e8c65c88a2400d10fd30ea17
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
2.6.31
Status
affected
Version <
2.6.31
Version
0
Status
unaffected
Version <=
6.1.*
Version
6.1.148
Status
unaffected
Version <=
6.6.*
Version
6.6.101
Status
unaffected
Version <=
6.12.*
Version
6.12.41
Status
unaffected
Version <=
6.15.*
Version
6.15.9
Status
unaffected
Version <=
*
Version
6.16
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.055 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|