{"id":"CVE-2022-48977","summary":"can: af_can: fix NULL pointer dereference in can_rcv_filter","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: af_can: fix NULL pointer dereference in can_rcv_filter\n\nAnalogue to commit 8aa59e355949 (\"can: af_can: fix NULL pointer\ndereference in can_rx_register()\") we need to check for a missing\ninitialization of ml_priv in the receive path of CAN frames.\n\nSince commit 4e096a18867a (\"net: introduce CAN specific pointer in the\nstruct net_device\") the check for dev-\u003etype to be ARPHRD_CAN is not\nsufficient anymore since bonding or tun netdevices claim to be CAN\ndevices but do not initialize ml_priv accordingly.","modified":"2026-04-11T12:43:23.282979Z","published":"2024-10-21T20:05:56.389Z","related":["SUSE-SU-2024:3983-1","SUSE-SU-2024:3985-1","SUSE-SU-2024:4082-1","SUSE-SU-2024:4131-1","SUSE-SU-2024:4364-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48977.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0acc442309a0a1b01bcdaa135e56e6398a49439c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3982652957e8d79ac32efcb725450580650a8644"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c142cba37de29f740a3852f01f59876af8ae462a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c42221efb1159d6a3c89e96685ee38acdce86b6f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fcc63f2f7ee3038d53216edd0d8291e57c752557"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48977.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48977"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4ac1feff6ea6495cbfd336f4438a6c6d140544a6"},{"fixed":"3982652957e8d79ac32efcb725450580650a8644"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1a5751d58b14195f763b8c1d9ef33fb8a93e95e7"},{"fixed":"c42221efb1159d6a3c89e96685ee38acdce86b6f"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4e096a18867a5a989b510f6999d9c6b6622e8f7b"},{"fixed":"c142cba37de29f740a3852f01f59876af8ae462a"},{"fixed":"fcc63f2f7ee3038d53216edd0d8291e57c752557"},{"fixed":"0acc442309a0a1b01bcdaa135e56e6398a49439c"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"96340078d50a54f6a1252c62596bc44321c8bff9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48977.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.227"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.159"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.83"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.12.0"},{"fixed":"6.0.13"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48977.json"}}],"schema_version":"1.7.5"}