{"id":"CVE-2022-49269","summary":"can: isotp: sanitize CAN ID checks in isotp_bind()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: isotp: sanitize CAN ID checks in isotp_bind()\n\nSyzbot created an environment that lead to a state machine status that\ncan not be reached with a compliant CAN ID address configuration.\nThe provided address information consisted of CAN ID 0x6000001 and 0xC28001\nwhich both boil down to 11 bit CAN IDs 0x001 in sending and receiving.\n\nSanitize the SFF/EFF CAN ID values before performing the address checks.","modified":"2026-04-11T12:43:48.629606Z","published":"2025-02-26T01:56:17.204Z","related":["ALSA-2025:20518","SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1241-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49269.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3ea566422cbde9610c2734980d1286ab681bb40e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7b4652fc71dcec043977a6def80ef5034c913615"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cf522d741f5301223cc94b978eb1603c7590d65e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d72866a7f5326160d2a9d945a33eb6ef1883e25d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f343dbe82314ab457153c9afd970be4e9e553020"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49269.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49269"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e057dd3fc20ffb3d7f150af46542a51b59b90127"},{"fixed":"d72866a7f5326160d2a9d945a33eb6ef1883e25d"},{"fixed":"f343dbe82314ab457153c9afd970be4e9e553020"},{"fixed":"cf522d741f5301223cc94b978eb1603c7590d65e"},{"fixed":"7b4652fc71dcec043977a6def80ef5034c913615"},{"fixed":"3ea566422cbde9610c2734980d1286ab681bb40e"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49269.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.10.0"},{"fixed":"5.10.110"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.33"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"5.16.19"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.17.0"},{"fixed":"5.17.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49269.json"}}],"schema_version":"1.7.5"}