CVE-2025-38665

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38665
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38665.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38665
Downstream
Related
Published
2025-08-22T16:02:57.458Z
Modified
2026-03-12T02:19:09.968260Z
Summary
can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode
Details

In the Linux kernel, the following vulnerability has been resolved:

can: netlink: canchangelink(): fix NULL pointer deref of struct canpriv::dosetmode

Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct canpriv::doset_mode callback.

There are 2 code path that call struct canpriv::dosetmode: - directly by a manual restart from the user space, via canchangelink() - delayed automatic restart after bus off (deactivated by default)

To prevent the NULL pointer deference, refuse a manual restart or configure the automatic restart delay in can_changelink() and report the error via extack to user space.

As an additional safety measure let canrestart() return an error if canpriv::dosetmode is not set instead of dereferencing it unchecked.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38665.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
39549eef3587f1c1e8c65c88a2400d10fd30ea17
Fixed
6bbcf37c5114926c99a1d1e6993a5b35689d2599
Fixed
cf81a60a973358dea163f6b14062f17831ceb894
Fixed
0ca816a96fdcf32644c80cbe7a82c7b6ce6ddda5
Fixed
6acceb46180f9e160d4f0c56fcaf39ba562822ae
Fixed
c1f3f9797c1f44a762e6f5f72520b2e520537b52

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38665.json"