CVE-2025-38665

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 22/08/2025
Last modified: 07/01/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode

Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct can_priv::do_set_mode callback.

There are 2 code paths that call struct can_priv::do_set_mode:
- directly by a manual restart from the user space, via can_changelink()
- delayed automatic restart after bus off (deactivated by default)

To prevent the NULL pointer dereference, refuse a manual restart or configure the automatic restart delay in can_changelink() and report the error via extack to user space.

As an additional safety measure let can_restart() return an error if can_priv::do_set_mode is not set instead of dereferencing it unchecked.
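
The two guards described above, as a user-space C model added to this page (it is not the kernel patch or the project's code). All `model_*` names are hypothetical, and the `-EOPNOTSUPP` return value and the message text are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for struct can_priv: the driver callback is optional. */
struct model_priv {
    int restart_ms;                          /* automatic restart delay, 0 = off */
    int started;
    int (*do_set_mode)(struct model_priv *); /* NULL if the driver lacks it */
};

/* Constructed sample driver callback that does implement the restart. */
int model_driver_set_mode(struct model_priv *priv)
{
    priv->started = 1;
    return 0;
}

/* Restart path: return an error instead of calling through a NULL pointer. */
int model_restart(struct model_priv *priv)
{
    if (!priv->do_set_mode)
        return -EOPNOTSUPP;                  /* assumed error code */
    return priv->do_set_mode(priv);
}

/* Configuration path: refuse a manual restart or a restart-delay change when
 * the callback is missing. new_restart_ms < 0 means "attribute not supplied".
 * errmsg plays the role of the extack message returned to user space. */
int model_changelink(struct model_priv *priv, int manual_restart,
                     int new_restart_ms, const char **errmsg)
{
    *errmsg = NULL;
    if ((manual_restart || new_restart_ms >= 0) && !priv->do_set_mode) {
        *errmsg = "device does not support restart from Bus Off";
        return -EOPNOTSUPP;
    }
    if (new_restart_ms >= 0)
        priv->restart_ms = new_restart_ms;
    return manual_restart ? model_restart(priv) : 0;
}

int main(void)
{
    struct model_priv no_cb = {0};
    const char *msg;
    int rc = model_changelink(&no_cb, 1, -1, &msg);
    printf("manual restart without callback: rc=%d (%s)\n", rc, msg);
    return 0;
}
```
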

Vulnerable products and versions

CPE                                                 From                 Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        2.6.31 (including)   6.1.148 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.2 (including)      6.6.101 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.7 (including)      6.12.41 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.13 (including)     6.15.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc7:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*