CVE-2022-49863

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> can: af_can: fix NULL pointer dereference in can_rx_register()<br /> <br /> It causes NULL pointer dereference when testing as following:<br /> (a) use syscall(__NR_socket, 0x10ul, 3ul, 0) to create netlink socket.<br /> (b) use syscall(__NR_sendmsg, ...) to create bond link device and vxcan<br /> link device, and bind vxcan device to bond device (can also use<br /> ifenslave command to bind vxcan device to bond device).<br /> (c) use syscall(__NR_socket, 0x1dul, 3ul, 1) to create CAN socket.<br /> (d) use syscall(__NR_bind, ...) to bind the bond device to CAN socket.<br /> <br /> The bond device invokes the can-raw protocol registration interface to<br /> receive CAN packets. However, ml_priv is not allocated to the dev,<br /> dev_rcv_lists is assigned to NULL in can_rx_register(). In this case,<br /> it will occur the NULL pointer dereference issue.<br /> <br /> The following is the stack information:<br /> BUG: kernel NULL pointer dereference, address: 0000000000000008<br /> PGD 122a4067 P4D 122a4067 PUD 1223c067 PMD 0<br /> Oops: 0000 [#1] PREEMPT SMP<br /> RIP: 0010:can_rx_register+0x12d/0x1e0<br /> Call Trace:<br /> <br /> raw_enable_filters+0x8d/0x120<br /> raw_enable_allfilters+0x3b/0x130<br /> raw_bind+0x118/0x4f0<br /> __sys_bind+0x163/0x1a0<br /> __x64_sys_bind+0x1e/0x30<br /> do_syscall_64+0x35/0x80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br />