CVE-2025-22003
📋 TL;DR
This CVE describes a one-byte out-of-bounds read in the Linux kernel's ucan driver (drivers/net/can/usb/ucan.c, the CAN driver for Theobroma Systems UCAN USB adapters). During probe the driver asks the device for its firmware string and copies the reply with strscpy(), passing a size one byte larger than the buffer that holds the reply. strscpy() scans the source for a NUL terminator up to that size, so a reply that fills the buffer without a terminator makes it read one byte past the end of the source buffer. Because the trigger is the device's own reply, the flaw is reachable by any USB device the ucan driver claims, real or emulated.
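To make the one-byte over-read concrete, here is an added user-space model of the pattern (example code, not the kernel's or the ucan driver's code). It reproduces the byte loop of the kernel's strscpy(), feeds it a constructed device reply, and records the highest source index the scan examines. The buffer size, the struct and function names and the sample replies are assumptions made for illustration, and the hardened variant (bounded memcpy plus an explicit terminator) is the example's own choice rather than a description of the upstream patch.

```c
/* Added example (not kernel or ucan driver code): user-space model of the
 * CVE-2025-22003 pattern. FW_REPLY_LEN, struct fw_reply, model_strscpy and
 * the constructed replies are assumptions made for illustration. */
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Stands in for sizeof(union ucan_ctl_payload), the size of the buffer that
 * receives the device's reply to the firmware-string request. */
#define FW_REPLY_LEN 8

/* Reply buffer plus one byte modelling whatever follows it in kernel memory:
 * raw[0..FW_REPLY_LEN-1] is the reply, raw[FW_REPLY_LEN] the neighbour. */
struct fw_reply {
    char raw[FW_REPLY_LEN + 1];
};

/* Model of the kernel strscpy() byte loop: examines src[0..count-1], copies at
 * most count-1 characters, always NUL-terminates dest, returns the copied
 * length or -E2BIG on truncation. *max_read = highest src index examined. */
static ssize_t model_strscpy(char *dest, const char *src, size_t count,
                             size_t *max_read)
{
    size_t res = 0;

    if (count == 0)
        return -E2BIG;
    while (count) {
        char c = src[res];

        *max_read = res;
        dest[res] = c;
        if (c == '\0')
            return (ssize_t)res;
        res++;
        count--;
    }
    dest[res - 1] = '\0';   /* no NUL within count: force termination */
    return -E2BIG;
}

/* Vulnerable pattern: dest holds FW_REPLY_LEN + 1 bytes and that full size is
 * passed as count, so the scan may touch src[FW_REPLY_LEN], one byte past the
 * reply buffer. Returns the highest source index examined. */
static size_t copy_vulnerable(char *dest, const struct fw_reply *reply)
{
    size_t max_read = 0;

    model_strscpy(dest, reply->raw, FW_REPLY_LEN + 1, &max_read);
    return max_read;
}

/* Hardened pattern chosen for this example (not a claim about the upstream
 * patch): copy exactly FW_REPLY_LEN bytes and terminate explicitly, so the
 * reply is never searched for a NUL. */
static size_t copy_fixed(char *dest, const struct fw_reply *reply)
{
    memcpy(dest, reply->raw, FW_REPLY_LEN);
    dest[FW_REPLY_LEN] = '\0';
    return FW_REPLY_LEN - 1;   /* memcpy never reads beyond this index */
}

/* Constructed replies (not captured from a device); the neighbour byte is 'X'
 * so it is obvious if it ever reaches the copied string. */
static void make_reply(struct fw_reply *r, int hostile)
{
    memset(r->raw, 0, sizeof(r->raw));
    if (hostile)
        memset(r->raw, 'A', FW_REPLY_LEN);   /* fills the buffer, no NUL */
    else
        memcpy(r->raw, "fw1.2", 5);          /* well-behaved, NUL-padded */
    r->raw[FW_REPLY_LEN] = 'X';
}

/* Run one copy; returns the highest source index examined and, if out is
 * non-NULL, stores the resulting string there (FW_REPLY_LEN + 1 bytes). */
size_t probe_copy(int hostile, int fixed, char *out)
{
    struct fw_reply r;
    char dest[FW_REPLY_LEN + 1];
    size_t idx;

    make_reply(&r, hostile);
    idx = fixed ? copy_fixed(dest, &r) : copy_vulnerable(dest, &r);
    if (out)
        memcpy(out, dest, sizeof(dest));
    return idx;
}

/* 1 if the copy for this combination yields exactly the string expect. */
int probe_string_equals(int hostile, int fixed, const char *expect)
{
    char dest[FW_REPLY_LEN + 1];

    probe_copy(hostile, fixed, dest);
    return strcmp(dest, expect) == 0;
}
```

Two things the model makes visible: the scan only leaves the buffer when the device returns a reply with no terminator, so a conforming adapter never triggers it; and because strscpy() copies at most size-1 characters and then terminates, the byte it reads past the end is examined but does not survive in the copied firmware string.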
💻 Affected Systems
- Linux kernel builds that ship the ucan USB CAN driver (as a module or built in) and predate the fix commits listed below
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Denial of service if the byte after the reply buffer lies in unmapped memory, which would fault in the probe path; that is rare in practice for a small kernel buffer. Direct information disclosure is limited: strscpy() copies at most size-1 characters and then writes the terminator, so the over-read byte is examined but not retained in the firmware string.
Likely Case
No visible effect. A legitimate UCAN device returns a NUL-terminated firmware string, so the scan stops inside the buffer; a crafted reply that fills the buffer causes a silent one-byte read past its end, which KASAN-enabled debug kernels report as an out-of-bounds access.
If Mitigated
Minimal impact where the ucan driver cannot bind (module blocked, or USB devices denied by default), since the over-read only happens during probe of a device the driver claims.
🎯 Exploit Status
The vulnerable copy runs in the driver's probe path and is triggered by the device's reply to the firmware-string request. Exploitation therefore requires presenting a USB device that the ucan driver claims (a real or emulated device with matching vendor/product IDs) and that returns a reply with no NUL terminator, which means physical access or USB passthrough into the target.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Any kernel that carries the fix; on the stable branches the backports are commits 1d22a122ffb1, 8cec9e314d33, a4994161a61b and cc29775a8a72. Check your distribution's advisory for the package version that includes one of them.
Vendor Advisory: https://git.kernel.org/stable/c/1d22a122ffb116c3cf78053e812b8b21f8852ee9
Restart Required: Yes
Instructions:
1. Update the kernel to a build that carries the fix (a distribution package referencing one of the commits above, or a mainline/stable release that includes it).
2. Reboot so the patched kernel and its ucan module are the ones in use.
3. Confirm the running kernel with 'uname -r' and compare it against the fixed package version. The version string alone does not show whether a backport is present, so rely on the distribution changelog or advisory.
🔧 Temporary Workarounds
Disable ucan driver
Blacklist or prevent loading of the vulnerable ucan driver. A blacklist entry only stops automatic loading when a matching device is detected; an 'install ucan /bin/false' line in the same modprobe.d file also blocks an explicit modprobe. This workaround does not apply if the driver is compiled into the kernel (CONFIG_CAN_UCAN=y) rather than built as a module.
echo 'blacklist ucan' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
The update-initramfs step is for Debian-based systems; on dracut-based distributions regenerate the initramfs with 'dracut -f' instead.
Restrict USB device access
Use udev rules or USBGuard to control which USB devices are accepted. Note that a udev rule that deauthorizes a device by vendor/product ID runs after the kernel has already enumerated the device and let the driver probe it, which is exactly where the over-read happens, so a per-ID deny rule on its own does not prevent the bug. Run USB in deny-by-default mode instead (usbcore.authorized_default=0 on the kernel command line, or writing 0 to /sys/bus/usb/devices/usbN/authorized_default) and authorize known-good devices, or block the driver as above.
🧯 If You Can't Patch
- Apply a USB device policy that does not enumerate unknown devices (deny-by-default with an allowlist) on hosts where the ucan driver is available
- Monitor kernel logs for ucan probe messages from unexpected devices, and for oops, panic or KASAN reports that mention ucan
🔍 How to Verify
Check if Vulnerable:
'lsmod | grep ucan' only shows whether the module is loaded right now. The vulnerable code runs when a device is probed, so what matters is whether the driver is available at all: check 'modinfo ucan', or whether ucan appears in /lib/modules/$(uname -r)/modules.builtin, and compare the kernel version against your distribution's advisory for this CVE.
Check Version:
uname -r
Verify Fix Applied:
Confirm that the running kernel's package changelog or release notes list the fix commit or this CVE. Connecting a USB CAN device is not a useful test: a legitimate device does not trigger the over-read, and even a crafted reply produces no visible effect on a kernel without KASAN.
📡 Detection & Monitoring
Log Indicators:
- Kernel oops, panic or KASAN out-of-bounds reports that mention ucan or ucan_probe
- A new USB device binding to ucan on hosts where no UCAN adapter is expected
- dmesg errors mentioning ucan
Network Indicators:
- None specific to this flaw: it is triggered during USB probe, before any CAN traffic flows, so CAN bus traffic patterns do not indicate it
SIEM Query:
source="kernel" AND ("ucan" OR "out-of-bounds" OR "KASAN")