logo_clicknbuy.png

CVE-2025-38665 – Linux Kernel CAN NULL Pointer Dereference Vulnerability

The following table lists the changes that have been made to the
CVE-2025-38665 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Aug. 22, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode

    Andrei Lalaev reported a NULL pointer deref when a CAN device is
    restarted from Bus Off and the driver does not implement the struct
    can_priv::do_set_mode callback.

    There are 2 code path that call struct can_priv::do_set_mode:
    – directly by a manual restart from the user space, via
    can_changelink()
    – delayed automatic restart after bus off (deactivated by default)

    To prevent the NULL pointer deference, refuse a manual restart or
    configure the automatic restart delay in can_changelink() and report
    the error via extack to user space.

    As an additional safety measure let can_restart() return an error if
    can_priv::do_set_mode is not set instead of dereferencing it
    unchecked.
    Added Reference https://git.kernel.org/stable/c/0ca816a96fdcf32644c80cbe7a82c7b6ce6ddda5
    Added Reference https://git.kernel.org/stable/c/6acceb46180f9e160d4f0c56fcaf39ba562822ae
    Added Reference https://git.kernel.org/stable/c/6bbcf37c5114926c99a1d1e6993a5b35689d2599
    Added Reference https://git.kernel.org/stable/c/c1f3f9797c1f44a762e6f5f72520b2e520537b52
    Added Reference https://git.kernel.org/stable/c/cf81a60a973358dea163f6b14062f17831ceb894
Share the Post:

Related Posts