github - ghsa-cp4j-vw64-wp3f

ghsa-cp4j-vw64-wp3f

Vulnerability from github

Published

2025-02-27 03:34

Modified

2025-03-05 21:32

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated

Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to bail out if skb cannot be allocated.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-21774"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T03:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated\n\nFix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to\nbail out if skb cannot be allocated.",
  "id": "GHSA-cp4j-vw64-wp3f",
  "modified": "2025-03-05T21:32:07Z",
  "published": "2025-02-27T03:34:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21774"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/118fb35681bd2c0d2afa22f7be0ef94bb4d06849"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/946750e7865df2e70045071051abf768785dd570"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7f0adfe64de08803990dc4cbecd2849c04e314a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2025-21774 (GCVE-0-2025-21774)

Vulnerability from cvelistv5

Published

2025-02-27 02:18

Modified

2025-10-01 19:36

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to bail out if skb cannot be allocated.

References

URL

Tags

	https://git.kernel.org/stable/c/118fb35681bd2c0d2afa22f7be0ef94bb4d06849
	https://git.kernel.org/stable/c/946750e7865df2e70045071051abf768785dd570
	https://git.kernel.org/stable/c/f7f0adfe64de08803990dc4cbecd2849c04e314a

Impacted products

Vendor

Product

Version

Version: ff60bfbaf67f219c634cfe89a52250efe8e600d0
Version: ff60bfbaf67f219c634cfe89a52250efe8e600d0
Version: ff60bfbaf67f219c634cfe89a52250efe8e600d0

Version: 6.12

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21774",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:30:32.320025Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:36:40.467Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/can/rockchip/rockchip_canfd-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "118fb35681bd2c0d2afa22f7be0ef94bb4d06849",
              "status": "affected",
              "version": "ff60bfbaf67f219c634cfe89a52250efe8e600d0",
              "versionType": "git"
            },
            {
              "lessThan": "946750e7865df2e70045071051abf768785dd570",
              "status": "affected",
              "version": "ff60bfbaf67f219c634cfe89a52250efe8e600d0",
              "versionType": "git"
            },
            {
              "lessThan": "f7f0adfe64de08803990dc4cbecd2849c04e314a",
              "status": "affected",
              "version": "ff60bfbaf67f219c634cfe89a52250efe8e600d0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/can/rockchip/rockchip_canfd-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.12"
            },
            {
              "lessThan": "6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.16",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.4",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated\n\nFix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to\nbail out if skb cannot be allocated."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:20:49.340Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/118fb35681bd2c0d2afa22f7be0ef94bb4d06849"
        },
        {
          "url": "https://git.kernel.org/stable/c/946750e7865df2e70045071051abf768785dd570"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7f0adfe64de08803990dc4cbecd2849c04e314a"
        }
      ],
      "title": "can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21774",
    "datePublished": "2025-02-27T02:18:20.526Z",
    "dateReserved": "2024-12-29T08:45:45.763Z",
    "dateUpdated": "2025-10-01T19:36:40.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.