CVE-2023-54105

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> can: isotp: check CAN address family in isotp_bind()<br /> <br /> Add missing check to block non-AF_CAN binds.<br /> <br /> Syzbot created some code which matched the right sockaddr struct size<br /> but used AF_XDP (0x2C) instead of AF_CAN (0x1D) in the address family<br /> field:<br /> <br /> bind$xdp(r2, &amp;(0x7f0000000540)={0x2c, 0x0, r4, 0x0, r2}, 0x10)<br /> ^^^^<br /> This has no funtional impact but the userspace should be notified about<br /> the wrong address family field content.