CVE-2024-56651

Source
https://cve.org/CVERecord?id=CVE-2024-56651
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56651.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56651
Published
2024-12-27T15:02:50.759Z
Modified
2026-03-20T12:40:56.360373Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
can: hi311x: hi3110_can_ist(): fix potential use-after-free
Details

In the Linux kernel, the following vulnerability has been resolved:

can: hi311x: hi3110_can_ist(): fix potential use-after-free

The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct operation (i.e. not bus-off).

The error count information added to the CAN frame after netif_rx() is a potential use after free, since there is no guarantee that the skb is in the same state. It might be freed or reused.

Fix the issue by postponing the netif_rx() call in case of txerr and rxerr reporting.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56651.json",
    "cna_assigner": "Linux"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a22bd630cfff496b270211745536e50e98eb3a45
Fixed
4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1
Fixed
1128022009444faf49359bd406cd665b177cb643
Fixed
bc30b2fe8c54694f8ae08a5b8a5d174d16d93075
Fixed
9ad86d377ef4a19c75a9c639964879a5b25a433b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
303733fdab728d34708014b3096dc69ebae6e531
Last affected
410054f1cf75378a6f009359e5952a240102a1a2
Last affected
d20bf7e76136fd4c1e47502a1f5773f2290013ed
Last affected
22e382d47de09e865a9214cc5c9f99256e65deaa
Last affected
dcfcd5fc999b1eb7946de1fd031bc3aaf224c5ae
Last affected
330b0ac34beec4fef8b002549af5bc6d0b6f0836
Last affected
f3d865a6b791abbc874739ed702ae64ad2607511

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56651.json"