Wind River Support Network

Acknowledged

LIN1022-18021 : Security Advisory - linux - CVE-2025-39873

Created: Sep 23, 2025    Updated: Oct 7, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB

can_put_echo_skb() takes ownership of the SKB and it may be freed during or after the call.

However, xilinx_can xcan_write_frame() keeps using SKB after the call.

Fix that by only calling can_put_echo_skb() after the code is done touching the SKB.

The tx_lock is held for the entire xcan_write_frame() execution and also on the can_get_echo_skb() side so the order of operations does not matter.

An earlier fix commit 3d3c817c3a40 ("can: xilinx_can: Fix usage of skb memory") did not move the can_put_echo_skb() call far enough.

[mkl: add "commit" in front of sha1 in patch description]
[mkl: fix indention]
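The ordering problem described above, as an added userspace model in C. It is not the xilinx_can driver code or the upstream patch. `struct frame`, `model_put_echo()`, `frame_len()` and both `write_frame_*` functions are hypothetical stand-ins, and the buffer is only flagged as handed off rather than freed, so the stale access can be counted safely.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model only: struct frame stands in for the SKB, and
 * model_put_echo() for can_put_echo_skb(). All names are hypothetical. */
struct frame {
    unsigned char data[8];
    unsigned int len;
    int owned;              /* 1 while the caller still owns the buffer */
};

static int stale_reads;     /* accesses made after ownership was given up */

/* Checked accessor: records any read after the hand-off. */
static unsigned int frame_len(const struct frame *f)
{
    if (!f->owned)
        stale_reads++;
    return f->len;
}

/* Models the ownership transfer: the buffer may be freed during or after the call. */
static void model_put_echo(struct frame *f)
{
    f->owned = 0;
}

/* Pre-fix ordering: hand-off first, then keep using the buffer. */
static int write_frame_unsafe(struct frame *f, unsigned char *fifo)
{
    stale_reads = 0;
    model_put_echo(f);
    memcpy(fifo, f->data, frame_len(f));   /* touches f after hand-off */
    return stale_reads;
}

/* Fixed ordering: finish every access, then hand the buffer off. */
static int write_frame_fixed(struct frame *f, unsigned char *fifo)
{
    stale_reads = 0;
    memcpy(fifo, f->data, frame_len(f));
    model_put_echo(f);
    return stale_reads;
}

int main(void)
{
    unsigned char fifo[8];
    struct frame a = { {1, 2, 3, 4}, 4, 1 }, b = a;   /* constructed sample frames */
    printf("unsafe: %d stale read(s)\n", write_frame_unsafe(&a, fifo));
    printf("fixed:  %d stale read(s)\n", write_frame_fixed(&b, fifo));
    return 0;
}
```

In a real kernel the same ordering mistake is what a KASAN-enabled test build would report as a use-after-free on the transmit path.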