CVE-2019-3701 -- linux-imageID: oval:org.secpod.oval:def:2000635 | Date: (C)2019-05-17 (M)2024-04-17 |
Class: VULNERABILITY | Family: unix |
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller"s I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash .
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
linux-image-4.9 |
linux-image-3.16 |