发布于3月6日3月6日 Members Debian: CVE-2022-48977: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/23/2024 Created 10/24/2024 Added 10/23/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rcv_filter Analogue to commit 8aa59e355949 ("can: af_can: fix NULL pointer dereference in can_rx_register()") we need to check for a missing initialization of ml_priv in the receive path of CAN frames. Since commit 4e096a18867a ("net: introduce CAN specific pointer in the struct net_device") the check for dev->type to be ARPHRD_CAN is not sufficient anymore since bonding or tun netdevices claim to be CAN devices but do not initialize ml_priv accordingly. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2022-48977 CVE - 2022-48977
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。