[SRU Xenial/Bionic/Focal/Impish/Jammy] CVE-2022-28388
Cengiz Can
cengiz.can at canonical.com
Wed May 25 21:00:45 UTC 2022
[Impact]
From https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel
through 5.17.1 has a double free.

It was discovered that the 8 Devices USB2CAN interface implementation in the
Linux kernel did not properly handle certain error conditions, leading to a
double-free. A local attacker could possibly use this to cause a denial of
service (system crash).

Hangyu Hua (1):
  can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in
    error path

 drivers/net/can/usb/usb_8dev.c | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)
--
2.34.1