CVE-2022-49845 in Linuxinfo

Summary

by MITRE • 05/01/2025

In the Linux kernel, the following vulnerability has been resolved:

can: j1939: j1939_send_one(): fix missing CAN header initialization

The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled elements in struct can_frame.

This patch initializes the 8 byte CAN header with zero.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 11/12/2025

The vulnerability identified as CVE-2022-49845 resides within the Linux kernel's CAN (Controller Area Network) subsystem, specifically affecting the J1939 protocol implementation. This issue manifests in the j1939_send_one() function where improper initialization of CAN frame headers creates potential security risks. The problem occurs when processing skbuff structures containing J1939 frames, where the canxl_frame::len field access reveals uninitialized memory segments. The root cause stems from the failure to properly initialize reserved fields within the can_frame structure, which is a fundamental component of the CAN protocol implementation in kernel space.

This vulnerability represents a classic case of uninitialized memory access that can lead to information disclosure and potentially more severe security implications. The technical flaw occurs because the CAN header initialization process fails to properly zero out all 8 bytes of the can_frame structure, leaving portions of memory uninitialized and potentially containing sensitive data from previous operations. When the kernel processes J1939 frames through the j1939_send_one() function, these uninitialized memory segments are accessed and potentially exposed through the skbuff mechanism, creating a pathway for information leakage. The issue falls under CWE-457: Use of Uninitialized Variable, which is categorized as a memory safety vulnerability that can lead to unpredictable behavior and security exposure.

The operational impact of this vulnerability extends beyond simple information disclosure, as it can potentially enable attackers to extract sensitive data from kernel memory spaces. In automotive and industrial control systems where J1939 protocol is commonly deployed, this vulnerability could allow adversaries to gain insights into system operations, potentially revealing communication patterns, timing information, or other sensitive operational data. The vulnerability affects systems that utilize the Linux kernel's CAN subsystem for J1939 protocol communication, including automotive ECUs, industrial automation systems, and other embedded devices that rely on CAN bus communication. The exposure of uninitialized memory could facilitate further exploitation attempts, as attackers might use this information to craft more sophisticated attacks against the affected systems.

The patch addressing this vulnerability implements a straightforward but critical fix by initializing the complete 8-byte CAN header with zero values before processing J1939 frames. This approach aligns with the principle of secure coding practices and follows the defense-in-depth strategy recommended by cybersecurity frameworks. The fix ensures that all reserved fields within the can_frame structure are properly initialized, eliminating the possibility of information leakage through uninitialized memory access. This remediation directly addresses the ATT&CK technique T1005: Data from Local System, as it prevents unauthorized access to potentially sensitive data within kernel memory. Organizations implementing Linux-based systems with CAN bus communication should prioritize applying this patch to mitigate potential information disclosure risks. The vulnerability demonstrates the importance of proper memory initialization in kernel space, where even seemingly minor oversights can create significant security implications for critical infrastructure systems.

Responsible

Linux

Reservation

05/01/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00183

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!