Wind River Support Network

Acknowledged

LIN1024-10980 : Security Advisory - linux - CVE-2025-38665

Created: Aug 24, 2025    Updated: Aug 26, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode

Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct can_priv::do_set_mode callback.

There are 2 code paths that call struct can_priv::do_set_mode:
- directly by a manual restart from the user space, via can_changelink()
- delayed automatic restart after bus off (deactivated by default)

To prevent the NULL pointer dereference, refuse a manual restart or configure the automatic restart delay in can_changelink() and report the error via extack to user space.

As an additional safety measure let can_restart() return an error if can_priv::do_set_mode is not set instead of dereferencing it unchecked.
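
The two checks described above, sketched as a userspace C model of both call paths. This is an added example, not the kernel patch or Wind River code; struct changelink_req, demo_set_mode(), the -EOPNOTSUPP return value and the extack text are assumptions made for the model.

```c
#include <errno.h>
#include <stddef.h>

/* Userspace model, not kernel code: names follow the advisory, fields are simplified. */
enum can_mode { CAN_MODE_START = 1 };

struct can_priv {
    int restart_ms;   /* automatic restart delay, 0 = disabled (the default) */
    int bus_off;      /* 1 while the device sits in Bus Off */
    int (*do_set_mode)(struct can_priv *priv, enum can_mode mode); /* optional */
};

/* Hypothetical stand-in for the netlink attributes user space supplied. */
struct changelink_req { int restart; int set_restart_ms; int restart_ms; };

/* Safety net: return an error instead of calling through a NULL callback. */
int can_restart(struct can_priv *priv)
{
    if (!priv->do_set_mode)
        return -EOPNOTSUPP;              /* error code assumed for this model */
    int err = priv->do_set_mode(priv, CAN_MODE_START);
    if (!err)
        priv->bus_off = 0;
    return err;
}

/* Entry check: refuse both requests that would later reach do_set_mode. */
int can_changelink(struct can_priv *priv, const struct changelink_req *req,
                   const char **extack)
{
    if ((req->restart || req->set_restart_ms) && !priv->do_set_mode) {
        *extack = "device cannot restart from Bus Off"; /* constructed text */
        return -EOPNOTSUPP;
    }
    if (req->set_restart_ms)
        priv->restart_ms = req->restart_ms;
    return req->restart ? can_restart(priv) : 0;
}

/* Constructed driver callback for the "driver implements it" case. */
int demo_set_mode(struct can_priv *priv, enum can_mode mode)
{
    (void)priv;
    return mode == CAN_MODE_START ? 0 : -EOPNOTSUPP;
}

int main(void)
{
    struct can_priv dev = { 0, 1, NULL };    /* driver without the callback */
    struct changelink_req req = { 1, 0, 0 }; /* manual restart request */
    const char *msg = NULL;
    return can_changelink(&dev, &req, &msg) == -EOPNOTSUPP ? 0 : 1;
}
```

Rejecting the restart delay at configuration time is what keeps the delayed automatic path from ever being armed on a device without the callback; the check in can_restart() only covers callers that bypass can_changelink().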

CREATE(Triage):(User=pbi-cn) CVE-2025-38665 (https://nvd.nist.gov/vuln/detail/CVE-2025-38665)