CVE-2022-49659
MEDIUM EPSS 14.6%
Published Feb 26, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits In commit 1be37d3b0414 ("can: m_can: fix periph RX path: use rx-offload to ensure skbs are sent from softirq context") the RX path for peripheral devices was switched to RX-offload. Received CAN frames are pushed to RX-offload together with a timestamp. RX-offload is designed to handle overflows of the timestamp correctly, if 32 bit timestamps are provided. The timestamps of m_can core are only 16 bits wide. So this patch shifts them to full 32 bit before passing them to RX-offload.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
14.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 7
References 3
- git.kernel.org https://git.kernel.org/stable/c/2a2914a5bd7f38efe55a8372178146de82e0bce9
- git.kernel.org https://git.kernel.org/stable/c/4c3333693f07313f5f0145a922f14a7d3c0f4f21
- git.kernel.org https://git.kernel.org/stable/c/c7333f79888497bfd75dcd02a94eaf836dd1042c
Remediation
- git.kernel.org https://git.kernel.org/stable/c/2a2914a5bd7f38efe55a8372178146de82e0bce9
- git.kernel.org https://git.kernel.org/stable/c/4c3333693f07313f5f0145a922f14a7d3c0f4f21
- git.kernel.org https://git.kernel.org/stable/c/c7333f79888497bfd75dcd02a94eaf836dd1042c