CVE-2025-21774 in Linuxinfo

Summary

by MITRE • 02/27/2025

In the Linux kernel, the following vulnerability has been resolved:

can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated

Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to bail out if skb cannot be allocated.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 05/25/2026

The vulnerability identified as CVE-2025-21774 resides within the Linux kernel's CAN (Controller Area Network) subsystem, specifically affecting the rockchip driver implementation. This issue manifests in the rkcanfd_handle_rx_fifo_overflow_int() function which manages receive FIFO overflow interrupts for Rockchip CAN FD controllers. The vulnerability represents a critical flaw in the kernel's memory management and error handling procedures that could potentially lead to system instability or denial of service conditions.

The technical root cause of this vulnerability stems from inadequate error handling within the CAN driver's interrupt processing routine. When the rkcanfd_handle_rx_fifo_overflow_int() function attempts to allocate a socket buffer (skb) for processing received CAN frames, it fails to properly validate whether the allocation succeeds before proceeding with subsequent operations. This null pointer dereference scenario occurs when the kernel's memory allocator cannot provide the necessary socket buffer structure, yet the function continues execution without proper bail-out mechanisms. The absence of proper NULL pointer validation creates a condition where subsequent operations attempt to access a null pointer, leading to kernel oops or system crashes.

This vulnerability operates at the kernel level and directly impacts the stability of systems utilizing Rockchip-based CAN controllers, particularly those in automotive, industrial, and embedded applications where CAN communication is critical. The operational impact extends beyond simple system crashes as it can compromise the integrity of real-time communication protocols essential for vehicle control systems, industrial automation, and other time-sensitive applications. Attackers could potentially exploit this vulnerability to cause denial of service conditions, forcing systems to reboot or become unresponsive during critical communication phases, which could have severe consequences in safety-critical environments.

The fix for CVE-2025-21774 involves implementing proper error checking within the rkcanfd_handle_rx_fifo_overflow_int() function to ensure that the socket buffer allocation is validated before proceeding with any further processing. This remediation follows established security practices for kernel development and aligns with CWE-476 which addresses NULL pointer dereference vulnerabilities. The solution specifically requires adding a NULL pointer check immediately after the skb allocation call and implementing appropriate bail-out procedures when allocation fails. This approach prevents the kernel from continuing execution with invalid memory references and maintains system stability. The mitigation strategy also aligns with ATT&CK technique T1499.004 which involves system disruption through kernel-level vulnerabilities, ensuring that such attacks cannot succeed through improper error handling in device drivers.

Systems utilizing Rockchip-based CAN controllers should immediately apply the kernel patch addressing this vulnerability as it represents a critical security risk that could be exploited to cause system instability or denial of service conditions. The fix demonstrates the importance of proper error handling in kernel space code and reinforces the principle that device drivers must validate all resource allocations before proceeding with operations. Organizations deploying embedded systems, automotive platforms, or industrial control networks should verify their kernel versions and apply the necessary security updates to protect against potential exploitation of this vulnerability.

Responsible

Linux

Reservation

12/29/2024

Disclosure

02/27/2025

Moderation

accepted

CPE

ready

EPSS

0.00203

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!