CVE-2022-49275
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2022-49275 is a vulnerability affecting the Linux kernel's CAN (Controller Area Network) subsystem. Specifically, a use-after-free issue was identified in the m_can_tx_handler() function of the m_can module. The flaw arises because can_put_echo_skb() clones the skb (socket buffer) and then frees it, which leads to the skb being used after it has been freed. To address this issue, the call to can_put_echo_skb() should be placed before the xmit in hardware for m_can version 3.0.x, similar to the 3.1.x branch. This change prevents the use-after-free vulnerability from being exploited.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX