Ubuntu: (CVE-2022-49659): linux vulnerability
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:L/AC:L/Au:N/C:C/I:N/A:C) | Feb 26, 2025 | Mar 19, 2025 | Jun 12, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:

can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits

In commit 1be37d3b0414 ("can: m_can: fix periph RX path: use rx-offload to ensure skbs are sent from softirq context") the RX path for peripheral devices was switched to RX-offload.

Received CAN frames are pushed to RX-offload together with a timestamp. RX-offload is designed to handle overflows of the timestamp correctly, if 32 bit timestamps are provided.

The timestamps of m_can core are only 16 bits wide. So this patch shifts them to full 32 bit before passing them to RX-offload.
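
The effect of the shift, as an added example that is not the kernel's or the driver's code: it assumes the consumer orders frames by the signed difference of two 32-bit timestamps, and the names `ts_before`, `widen` and `count_misordered` and the sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model of wraparound-safe ordering: a is before b when the
 * signed difference of the two u32 values is negative. This only works
 * if the counter really wraps at 2^32. */
static int ts_before(uint32_t a, uint32_t b)
{
    return (int32_t)(a - b) < 0;
}

/* Place a 16-bit hardware timestamp in the upper half of a u32 so that
 * its wrap at 2^16 coincides with the u32 wrap. */
static uint32_t widen(uint16_t raw)
{
    return (uint32_t)raw << 16;
}

/* Count adjacent frames (given in true arrival order) that the
 * comparison does NOT judge to be in order. */
static size_t count_misordered(const uint16_t *raw, size_t n, int shift)
{
    size_t bad = 0;

    for (size_t i = 0; i + 1 < n; i++) {
        uint32_t a = shift ? widen(raw[i]) : raw[i];
        uint32_t b = shift ? widen(raw[i + 1]) : raw[i + 1];

        if (!ts_before(a, b))
            bad++;
    }
    return bad;
}

/* Constructed sample: 16-bit timestamps in arrival order, wrapping
 * between the second and third frame. */
static const uint16_t sample[] = { 0xFFF0, 0xFFF8, 0x0004, 0x0010 };

int main(void)
{
    size_t n = sizeof(sample) / sizeof(sample[0]);

    printf("misordered, raw 16-bit values: %zu\n", count_misordered(sample, n, 0));
    printf("misordered, shifted to 32 bit: %zu\n", count_misordered(sample, n, 1));
    return 0;
}
```

With the raw values the pair that straddles the 16-bit wrap is judged out of order; after the shift every pair compares correctly.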
Solution(s)
References
- CVE-2022-49659
- https://attackerkb.com/topics/CVE-2022-49659
- https://git.kernel.org/linus/4c3333693f07313f5f0145a922f14a7d3c0f4f21
- https://git.kernel.org/stable/c/2a2914a5bd7f38efe55a8372178146de82e0bce9
- https://git.kernel.org/stable/c/4c3333693f07313f5f0145a922f14a7d3c0f4f21
- https://git.kernel.org/stable/c/c7333f79888497bfd75dcd02a94eaf836dd1042c
- https://www.cve.org/CVERecord?id=CVE-2022-49659
