{"id":"CVE-2022-48977","summary":"can: af_can: fix NULL pointer dereference in can_rcv_filter","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: af_can: fix NULL pointer dereference in can_rcv_filter\n\nAnalogue to commit 8aa59e355949 (\"can: af_can: fix NULL pointer\ndereference in can_rx_register()\") we need to check for a missing\ninitialization of ml_priv in the receive path of CAN frames.\n\nSince commit 4e096a18867a (\"net: introduce CAN specific pointer in the\nstruct net_device\") the check for dev-\u003etype to be ARPHRD_CAN is not\nsufficient anymore since bonding or tun netdevices claim to be CAN\ndevices but do not initialize ml_priv accordingly.","modified":"2026-04-02T08:27:11.591953Z","published":"2024-10-21T20:05:56.389Z","related":["SUSE-SU-2024:3983-1","SUSE-SU-2024:3985-1","SUSE-SU-2024:4082-1","SUSE-SU-2024:4131-1","SUSE-SU-2024:4364-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48977.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0acc442309a0a1b01bcdaa135e56e6398a49439c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3982652957e8d79ac32efcb725450580650a8644"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c142cba37de29f740a3852f01f59876af8ae462a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c42221efb1159d6a3c89e96685ee38acdce86b6f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fcc63f2f7ee3038d53216edd0d8291e57c752557"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48977.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48977"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4ac1feff6ea6495cbfd336f4438a6c6d140544a6"},{"fixed":"3982652957e8d79ac32efcb725450580650a8644"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1a5751d58b14195f763b8c1d9ef33fb8a93e95e7"},{"fixed":"c42221efb1159d6a3c89e96685ee38acdce86b6f"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4e096a18867a5a989b510f6999d9c6b6622e8f7b"},{"fixed":"c142cba37de29f740a3852f01f59876af8ae462a"},{"fixed":"fcc63f2f7ee3038d53216edd0d8291e57c752557"},{"fixed":"0acc442309a0a1b01bcdaa135e56e6398a49439c"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"96340078d50a54f6a1252c62596bc44321c8bff9"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48977.json"}}],"schema_version":"1.7.5"}