Description
In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rcv_filter Analogue to commit 8aa59e355949 ("can: af_can: fix NULL pointer dereference in can_rx_register()") we need to check for a missing initialization of ml_priv in the receive path of CAN frames. Since commit 4e096a18867a ("net: introduce CAN specific pointer in the struct net_device") the check for dev->type to be ARPHRD_CAN is not sufficient anymore since bonding or tun netdevices claim to be CAN devices but do not initialize ml_priv accordingly.
Product status
4ac1feff6ea6495cbfd336f4438a6c6d140544a6 (git) before 3982652957e8d79ac32efcb725450580650a8644
1a5751d58b14195f763b8c1d9ef33fb8a93e95e7 (git) before c42221efb1159d6a3c89e96685ee38acdce86b6f
4e096a18867a5a989b510f6999d9c6b6622e8f7b (git) before c142cba37de29f740a3852f01f59876af8ae462a
4e096a18867a5a989b510f6999d9c6b6622e8f7b (git) before fcc63f2f7ee3038d53216edd0d8291e57c752557
4e096a18867a5a989b510f6999d9c6b6622e8f7b (git) before 0acc442309a0a1b01bcdaa135e56e6398a49439c
96340078d50a54f6a1252c62596bc44321c8bff9 (git)
5.12
Any version before 5.12
5.4.227 (semver)
5.10.159 (semver)
5.15.83 (semver)
6.0.13 (semver)
6.1 (original_commit_for_fix)
References
git.kernel.org/...c/3982652957e8d79ac32efcb725450580650a8644
git.kernel.org/...c/c42221efb1159d6a3c89e96685ee38acdce86b6f
git.kernel.org/...c/c142cba37de29f740a3852f01f59876af8ae462a
git.kernel.org/...c/fcc63f2f7ee3038d53216edd0d8291e57c752557
git.kernel.org/...c/0acc442309a0a1b01bcdaa135e56e6398a49439c