CVE-2022-49269
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49269
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49269.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49269
- Downstream
- Related
- Published
- 2025-02-26T01:56:17Z
- Modified
- 2025-10-21T09:57:02.199768Z
- Summary
- can: isotp: sanitize CAN ID checks in isotp_bind()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
can: isotp: sanitize CAN ID checks in isotp_bind()
Syzbot created an environment that lead to a state machine status that can not be reached with a compliant CAN ID address configuration. The provided address information consisted of CAN ID 0x6000001 and 0xC28001 which both boil down to 11 bit CAN IDs 0x001 in sending and receiving.
Sanitize the SFF/EFF CAN ID values before performing the address checks.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3ea566422cbde9610c2734980d1286ab681bb40e
- https://git.kernel.org/stable/c/7b4652fc71dcec043977a6def80ef5034c913615
- https://git.kernel.org/stable/c/cf522d741f5301223cc94b978eb1603c7590d65e
- https://git.kernel.org/stable/c/d72866a7f5326160d2a9d945a33eb6ef1883e25d
- https://git.kernel.org/stable/c/f343dbe82314ab457153c9afd970be4e9e553020
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede057dd3fc20ffb3d7f150af46542a51b59b90127Fixedd72866a7f5326160d2a9d945a33eb6ef1883e25d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede057dd3fc20ffb3d7f150af46542a51b59b90127Fixedf343dbe82314ab457153c9afd970be4e9e553020
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede057dd3fc20ffb3d7f150af46542a51b59b90127Fixedcf522d741f5301223cc94b978eb1603c7590d65e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede057dd3fc20ffb3d7f150af46542a51b59b90127Fixed7b4652fc71dcec043977a6def80ef5034c913615
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede057dd3fc20ffb3d7f150af46542a51b59b90127Fixed3ea566422cbde9610c2734980d1286ab681bb40e
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.100
v5.10.101
v5.10.102
v5.10.103
v5.10.104
v5.10.105
v5.10.106
v5.10.107
v5.10.108
v5.10.109
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.10.99
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.10
v5.16.11
v5.16.12
v5.16.13
v5.16.14
v5.16.15
v5.16.16
v5.16.17
v5.16.18
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.9
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7b4652fc71dcec043977a6def80ef5034c913615",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"205537448216847481911098723723335249752",
"311585165431802706025263969833151734977",
"82269160845815773267781848397090350183",
"161976867100495284979743182814160745055",
"187745717394528553084758995596129940854",
"117699611913072305823022627369160897169",
"233808590837627801487805407620892122263",
"256955766270272755680803020859548537785",
"67439880968770644703525546353058406775",
"230641422895657782695410628330386149643",
"152432644092006969989882634329143181179",
"187084654560809119350883701926020860491",
"304177964189812433060230367888220333683",
"123940679102298074494759598282347921112",
"200402176154725878489337871826555163763",
"93220793987161912459635511633686066694",
"127047485758436262553188278057945031147",
"19755512860756015621115382451854135823",
"219662554873562595883365431504800212287",
"249569829618363129806768963363350206685",
"223046274972963272633520962159054457718",
"47741777193550940047743280191344220349",
"44602514896103377885704104299719611042",
"289431932983201277081952639046688104114",
"231662775182059772340482443181947181525",
"283511786574673533812920067391754787085",
"47444550202065615147965257647685526953",
"233149670239866831064094160395834201203",
"72902690149282734583233912900941563907",
"294381982120058107670867197778475459359",
"207372468089512354262847600531498248176",
"66229909117248421664388010990707616787",
"192658118556008318628893129314014455705",
"95636588107849901026847817888568717216",
"240694166605272108246037171722888101747"
]
},
"target": {
"file": "net/can/isotp.c"
},
"id": "CVE-2022-49269-13fc1bbd",
"signature_version": "v1",
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ea566422cbde9610c2734980d1286ab681bb40e",
"deprecated": false,
"digest": {
"function_hash": "265046773487015736215456989358232752128",
"length": 2157.0
},
"target": {
"function": "isotp_bind",
"file": "net/can/isotp.c"
},
"id": "CVE-2022-49269-43d1e153",
"signature_version": "v1",
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f343dbe82314ab457153c9afd970be4e9e553020",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"205537448216847481911098723723335249752",
"311585165431802706025263969833151734977",
"82269160845815773267781848397090350183",
"161976867100495284979743182814160745055",
"187745717394528553084758995596129940854",
"117699611913072305823022627369160897169",
"233808590837627801487805407620892122263",
"256955766270272755680803020859548537785",
"67439880968770644703525546353058406775",
"230641422895657782695410628330386149643",
"152432644092006969989882634329143181179",
"187084654560809119350883701926020860491",
"304177964189812433060230367888220333683",
"123940679102298074494759598282347921112",
"200402176154725878489337871826555163763",
"93220793987161912459635511633686066694",
"127047485758436262553188278057945031147",
"19755512860756015621115382451854135823",
"219662554873562595883365431504800212287",
"249569829618363129806768963363350206685",
"223046274972963272633520962159054457718",
"47741777193550940047743280191344220349",
"44602514896103377885704104299719611042",
"289431932983201277081952639046688104114",
"231662775182059772340482443181947181525",
"283511786574673533812920067391754787085",
"47444550202065615147965257647685526953",
"233149670239866831064094160395834201203",
"72902690149282734583233912900941563907",
"294381982120058107670867197778475459359",
"207372468089512354262847600531498248176",
"66229909117248421664388010990707616787",
"192658118556008318628893129314014455705",
"95636588107849901026847817888568717216",
"240694166605272108246037171722888101747"
]
},
"target": {
"file": "net/can/isotp.c"
},
"id": "CVE-2022-49269-4a86021e",
"signature_version": "v1",
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d72866a7f5326160d2a9d945a33eb6ef1883e25d",
"deprecated": false,
"digest": {
"function_hash": "314211816158561745837343372492296451371",
"length": 1918.0
},
"target": {
"function": "isotp_bind",
"file": "net/can/isotp.c"
},
"id": "CVE-2022-49269-56def1d6",
"signature_version": "v1",
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ea566422cbde9610c2734980d1286ab681bb40e",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"205537448216847481911098723723335249752",
"311585165431802706025263969833151734977",
"82269160845815773267781848397090350183",
"161976867100495284979743182814160745055",
"187745717394528553084758995596129940854",
"117699611913072305823022627369160897169",
"233808590837627801487805407620892122263",
"256955766270272755680803020859548537785",
"67439880968770644703525546353058406775",
"230641422895657782695410628330386149643",
"152432644092006969989882634329143181179",
"187084654560809119350883701926020860491",
"304177964189812433060230367888220333683",
"123940679102298074494759598282347921112",
"200402176154725878489337871826555163763",
"93220793987161912459635511633686066694",
"127047485758436262553188278057945031147",
"19755512860756015621115382451854135823",
"219662554873562595883365431504800212287",
"249569829618363129806768963363350206685",
"223046274972963272633520962159054457718",
"47741777193550940047743280191344220349",
"44602514896103377885704104299719611042",
"289431932983201277081952639046688104114",
"231662775182059772340482443181947181525",
"299254078134195383036048033819385126870",
"26816932361378932382650661558821276067",
"310234520924190975440372106868875470267",
"299104123402826380329584939467402716629",
"305433582197722602100648230228596668741",
"17744129848043890148574307874083586909",
"61722726214244738771580826324599977238",
"139754905161922867213820697226377090714",
"307893925330609979650121498533198022830",
"207372468089512354262847600531498248176",
"66229909117248421664388010990707616787",
"192658118556008318628893129314014455705",
"95636588107849901026847817888568717216",
"240694166605272108246037171722888101747"
]
},
"target": {
"file": "net/can/isotp.c"
},
"id": "CVE-2022-49269-7e197de3",
"signature_version": "v1",
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f343dbe82314ab457153c9afd970be4e9e553020",
"deprecated": false,
"digest": {
"function_hash": "127503273061667215568412613468780618112",
"length": 1904.0
},
"target": {
"function": "isotp_bind",
"file": "net/can/isotp.c"
},
"id": "CVE-2022-49269-8c67b923",
"signature_version": "v1",
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d72866a7f5326160d2a9d945a33eb6ef1883e25d",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"205537448216847481911098723723335249752",
"311585165431802706025263969833151734977",
"82269160845815773267781848397090350183",
"161976867100495284979743182814160745055",
"187745717394528553084758995596129940854",
"117699611913072305823022627369160897169",
"233808590837627801487805407620892122263",
"256955766270272755680803020859548537785",
"67439880968770644703525546353058406775",
"230641422895657782695410628330386149643",
"152432644092006969989882634329143181179",
"187084654560809119350883701926020860491",
"304177964189812433060230367888220333683",
"123940679102298074494759598282347921112",
"200402176154725878489337871826555163763",
"93220793987161912459635511633686066694",
"127047485758436262553188278057945031147",
"19755512860756015621115382451854135823",
"219662554873562595883365431504800212287",
"249569829618363129806768963363350206685",
"223046274972963272633520962159054457718",
"47741777193550940047743280191344220349",
"44602514896103377885704104299719611042",
"289431932983201277081952639046688104114",
"231662775182059772340482443181947181525",
"283511786574673533812920067391754787085",
"47444550202065615147965257647685526953",
"233149670239866831064094160395834201203",
"72902690149282734583233912900941563907",
"294381982120058107670867197778475459359",
"207372468089512354262847600531498248176",
"66229909117248421664388010990707616787",
"192658118556008318628893129314014455705",
"95636588107849901026847817888568717216",
"240694166605272108246037171722888101747"
]
},
"target": {
"file": "net/can/isotp.c"
},
"id": "CVE-2022-49269-b7514a98",
"signature_version": "v1",
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf522d741f5301223cc94b978eb1603c7590d65e",
"deprecated": false,
"digest": {
"function_hash": "127503273061667215568412613468780618112",
"length": 1904.0
},
"target": {
"function": "isotp_bind",
"file": "net/can/isotp.c"
},
"id": "CVE-2022-49269-e73ec81e",
"signature_version": "v1",
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf522d741f5301223cc94b978eb1603c7590d65e",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"205537448216847481911098723723335249752",
"311585165431802706025263969833151734977",
"82269160845815773267781848397090350183",
"161976867100495284979743182814160745055",
"187745717394528553084758995596129940854",
"117699611913072305823022627369160897169",
"233808590837627801487805407620892122263",
"256955766270272755680803020859548537785",
"67439880968770644703525546353058406775",
"230641422895657782695410628330386149643",
"152432644092006969989882634329143181179",
"187084654560809119350883701926020860491",
"304177964189812433060230367888220333683",
"123940679102298074494759598282347921112",
"200402176154725878489337871826555163763",
"93220793987161912459635511633686066694",
"127047485758436262553188278057945031147",
"19755512860756015621115382451854135823",
"219662554873562595883365431504800212287",
"249569829618363129806768963363350206685",
"223046274972963272633520962159054457718",
"47741777193550940047743280191344220349",
"44602514896103377885704104299719611042",
"289431932983201277081952639046688104114",
"231662775182059772340482443181947181525",
"283511786574673533812920067391754787085",
"47444550202065615147965257647685526953",
"233149670239866831064094160395834201203",
"72902690149282734583233912900941563907",
"294381982120058107670867197778475459359",
"207372468089512354262847600531498248176",
"66229909117248421664388010990707616787",
"192658118556008318628893129314014455705",
"95636588107849901026847817888568717216",
"240694166605272108246037171722888101747"
]
},
"target": {
"file": "net/can/isotp.c"
},
"id": "CVE-2022-49269-e82b6966",
"signature_version": "v1",
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7b4652fc71dcec043977a6def80ef5034c913615",
"deprecated": false,
"digest": {
"function_hash": "127503273061667215568412613468780618112",
"length": 1904.0
},
"target": {
"function": "isotp_bind",
"file": "net/can/isotp.c"
},
"id": "CVE-2022-49269-f8fdb1ea",
"signature_version": "v1",
"signature_type": "Function"
}
]