CVE-2025-21775 in Linuxinfo

Summary

by MITRE • 02/27/2025

In the Linux kernel, the following vulnerability has been resolved:

can: ctucanfd: handle skb allocation failure

If skb allocation fails, the pointer to struct can_frame is NULL. This is actually handled everywhere inside ctucan_err_interrupt() except for the only place.

Add the missed NULL check.

Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 05/25/2026

The vulnerability CVE-2025-21775 affects the Linux kernel's CAN (Controller Area Network) subsystem, specifically within the ctucanfd driver implementation. This issue represents a critical memory management flaw that could potentially lead to system instability or denial of service conditions. The problem manifests in the ctucan_err_interrupt() function where proper error handling has been omitted for a specific code path. The Linux Verification Center identified this weakness through static analysis using the SVACE tool, highlighting the importance of comprehensive code review processes in kernel development.

The technical root cause stems from a missing null pointer check in the CAN driver's error interrupt handling routine. When the kernel attempts to allocate socket buffer memory (skb) for CAN frame processing, the allocation can fail due to memory pressure or resource constraints. In such failure scenarios, the system correctly identifies that the struct can_frame pointer becomes NULL in most locations within the interrupt handler, but fails to perform this same validation in one particular code path. This inconsistency creates a potential null pointer dereference condition that could crash the kernel or allow arbitrary code execution under specific circumstances.

The operational impact of this vulnerability extends beyond simple system crashes, as it represents a fundamental flaw in the kernel's error handling mechanisms for real-time communication subsystems. CAN bus implementations are critical in automotive and industrial environments where reliability is paramount, making this vulnerability particularly concerning for embedded systems. The flaw could be exploited by malicious actors to cause system instability, potentially leading to denial of service attacks against vehicle systems or industrial control networks. According to CWE classification, this represents a CWE-476: NULL Pointer Dereference vulnerability, while ATT&CK framework would categorize this under T1499.004: Endpoint Denial of Service for the potential system disruption capabilities.

Mitigation strategies for this vulnerability should prioritize immediate kernel updates from trusted sources, as the fix involves adding a simple but crucial null pointer validation check. System administrators should implement monitoring for unusual memory allocation failures and CAN bus error conditions that might indicate exploitation attempts. The fix demonstrates the importance of comprehensive error handling in kernel space, where every memory allocation must be validated before use. Organizations should also consider implementing additional network segmentation and access controls around CAN bus interfaces to limit potential attack surface. Regular security assessments using static analysis tools like SVACE should be integrated into development workflows to identify similar patterns before they reach production environments.

Responsible

Linux

Reservation

12/29/2024

Disclosure

02/27/2025

Moderation

accepted

CPE

ready

EPSS

0.00207

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!