CVE-2025-38224
📋 TL;DR
This vulnerability in the Linux kernel's Kvaser PCIeFD CAN driver allows out-of-bounds memory access when handling CAN bus acknowledgments. It affects systems using this specific CAN controller driver, potentially leading to kernel crashes or memory corruption. The issue occurs due to improper echo_skb_max handling that causes array boundary violations.
💻 Affected Systems
- Linux kernel with kvaser_pciefd driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential arbitrary code execution leading to full system compromise.
Likely Case
Kernel crash or system instability when the affected CAN driver processes specific network packets.
If Mitigated
No impact if the vulnerable driver is not loaded or the system doesn't use Kvaser PCIeFD CAN hardware.
🎯 Exploit Status
Found by automated fuzzing (Syzkaller). Triggering the out-of-bounds access requires sending crafted CAN packets.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in kernel commits: 54ec8b08216f, a6550c9aa11e, d8a054b6e682
Vendor Advisory: https://git.kernel.org/stable/c/54ec8b08216f3be2cc98b33633d3c8ea79749895
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Rebuild the kernel if compiling from source.
3. Reboot the system to load the patched kernel.
🔧 Temporary Workarounds
Disable kvaser_pciefd driver
(linux) Prevent loading of the vulnerable driver module
echo 'blacklist kvaser_pciefd' >> /etc/modprobe.d/blacklist.conf
rmmod kvaser_pciefd
Restrict CAN network access
(all) Limit which systems can send CAN packets to vulnerable devices
🧯 If You Can't Patch
- Isolate CAN networks from untrusted systems
- Implement strict CAN bus monitoring and anomaly detection
🔍 How to Verify
Check if Vulnerable:
Check if kvaser_pciefd module is loaded: lsmod | grep kvaser_pciefd
Check Version:
uname -r
Verify Fix Applied:
Check that the kernel version includes the fix commits, or verify the driver version after the update.
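An added example (not from the original advisory or the kernel project): a shell audit that combines the loaded-module check above with the modprobe workaround, reporting driver state only and not whether the running kernel contains the fix commits. The `install ... /bin/false` override, the function names and the status labels are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit whether the kvaser_pciefd driver is loaded or loadable.
MODULE=kvaser_pciefd

# module_loaded [MODULES_FILE]: succeed if the driver is currently loaded.
# Each /proc/modules line starts with the module name followed by a space.
module_loaded() {
    grep -qs "^${MODULE} " "${1:-/proc/modules}"
}

# module_blocked [CONF_DIR]: print how modprobe configuration blocks the driver.
#   install   - "install MODULE /bin/false" (an explicit modprobe fails too)
#   blacklist - only alias-based autoloading is suppressed; an explicit
#               "modprobe kvaser_pciefd" still loads the driver
#   none      - no blocking entry found
module_blocked() {
    dir="${1:-/etc/modprobe.d}"
    if grep -Eqs "^[[:space:]]*install[[:space:]]+${MODULE}[[:space:]]+/bin/(false|true)" "$dir"/*.conf; then
        echo install
    elif grep -Eqs "^[[:space:]]*blacklist[[:space:]]+${MODULE}([[:space:]]|\$)" "$dir"/*.conf; then
        echo blacklist
    else
        echo none
    fi
}

# driver_status [MODULES_FILE] [CONF_DIR]: combine both checks into one line.
driver_status() {
    blocked=$(module_blocked "$2")
    if module_loaded "$1"; then
        echo "LOADED: ${MODULE} is loaded (modprobe block: ${blocked})"
    elif [ "$blocked" = none ]; then
        echo "LOADABLE: ${MODULE} not loaded but nothing prevents loading"
    else
        echo "BLOCKED: ${MODULE} not loaded (modprobe block: ${blocked})"
    fi
}

# Report on the live system when run directly.
driver_status /proc/modules /etc/modprobe.d
```

A `LOADED` result with a `blacklist` entry means the entry was added without unloading the driver, or the driver was loaded explicitly.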
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN out-of-bounds reports in dmesg
- CAN driver crash logs
Network Indicators:
- Unusual CAN packet patterns
- High rate of CAN acknowledgment packets
SIEM Query:
source="kernel" AND ("KASAN" OR "slab-out-of-bounds" OR "kvaser_pciefd")