CVE-2025-38665
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's CAN (Controller Area Network) subsystem allows local attackers to crash the kernel when restarting CAN devices from Bus Off state if the driver lacks a specific callback function. This affects systems using CAN network interfaces with drivers that don't implement the do_set_mode callback. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting industrial control systems, automotive systems, or other CAN-dependent applications.
Likely Case
Local denial of service through kernel crash when userspace attempts to restart a CAN device from Bus Off state with an affected driver.
If Mitigated
No impact if proper kernel patches are applied or if affected drivers aren't used.
🎯 Exploit Status
Requires local access and ability to interact with CAN devices. Exploitation involves triggering CAN device restart from Bus Off state.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits referenced in CVE)
Vendor Advisory: https://git.kernel.org/stable/c/0ca816a96fdcf32644c80cbe7a82c7b6ce6ddda5
Restart Required: No
Instructions:
1. Update Linux kernel to version containing fixes from referenced commits.
2. For distributions: Apply security updates from your vendor.
3. Recompile kernel if building from source with patches applied.
🔧 Temporary Workarounds
Disable automatic CAN restart
Linux: Configure CAN devices to not automatically restart after bus off, reducing attack surface.
ip link set canX type can restart-ms 0
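To confirm the workaround across a host, this added example (not part of the advisory) parses `ip -details link show type can` output and lists every CAN interface whose automatic restart is still enabled. The function name and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the advisory): list CAN interfaces that still have
# the delayed automatic restart enabled, i.e. restart-ms greater than 0.

# Reads `ip -details link show type can` output on stdin, prints
# "<ifname> <restart-ms>" per offending interface, returns 0 if any was found.
# The function name is hypothetical.
can_autorestart_enabled() {
    awk '
        /^[0-9]+: / { name = $2; sub(/:$/, "", name) }   # "3: can0: <...>" header
        {
            for (i = 1; i < NF; i++)
                if ($i == "restart-ms" && $(i + 1) + 0 > 0) {
                    print name, $(i + 1)
                    hit = 1
                }
        }
        END { exit hit ? 0 : 1 }
    '
}

# Constructed sample of `ip -details link show type can` output.
SAMPLE_IP_OUTPUT='3: can0: <NOARP,UP,LOWER_UP,ECHO> mtu 16 qdisc pfifo_fast state UP mode DEFAULT group default qlen 10
    link/can  promiscuity 0 minmtu 0 maxmtu 0
    can state ERROR-ACTIVE (berr-counter tx 0 rx 0) restart-ms 100
4: can1: <NOARP,UP,LOWER_UP,ECHO> mtu 16 qdisc pfifo_fast state UP mode DEFAULT group default qlen 10
    link/can  promiscuity 0 minmtu 0 maxmtu 0
    can state ERROR-ACTIVE (berr-counter tx 0 rx 0) restart-ms 0'

# On a live host: ip -details link show type can | can_autorestart_enabled
printf '%s\n' "$SAMPLE_IP_OUTPUT" | can_autorestart_enabled || true
```

Setting restart-ms to 0 only disables the delayed automatic restart; a restart requested from user space, as described under Likely Case, is a separate path, so the kernel update remains the actual fix.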
Restrict CAN device access
Linux: Limit access to CAN device interfaces to trusted users only.
chmod 600 /dev/canX
setfacl -m u:trusteduser:rw /dev/canX
🧯 If You Can't Patch
- Restrict local user access to systems with CAN devices
- Disable unused CAN interfaces or modules
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if CAN modules are loaded: lsmod | grep can
Check Version:
uname -r
Verify Fix Applied:
Verify that the kernel version is updated beyond the patch commits, and check dmesg for CAN-related crashes.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in dmesg/system logs
- CAN-related crash reports
- NULL pointer dereference errors mentioning can_changelink or can_restart
Network Indicators:
- CAN bus disruption events
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "can_changelink" OR "can_restart")
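An added example (not part of the advisory) that applies the log indicators above to raw kernel log text: it reports a NULL pointer dereference only when can_changelink or can_restart appears in the lines that follow it. The function name, the 40-line default window and the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the advisory): correlate a kernel NULL pointer
# dereference with the CAN restart symbols named in the log indicators.

# Reads kernel log text on stdin. For each "NULL pointer dereference" line,
# searches the next WINDOW lines (first argument, default 40; an assumption)
# for can_changelink or can_restart. Prints the oops header and the matching
# trace line; returns 0 if at least one correlated oops was found, else 1.
find_can_restart_oops() {
    awk -v window="${1:-40}" '
        /NULL pointer dereference/ { start = NR; header = $0; next }
        start && NR - start <= window && /can_(changelink|restart)/ {
            print "line " start ": " header
            print "  trace: " $0
            found = 1
            start = 0          # one report per oops
        }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample log: the first oops passes through the CAN restart path,
# the second is an unrelated NULL dereference and must not be reported.
SAMPLE_LOG='[  101.000001] can0: bus-off
[  101.500002] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[  101.500010] Internal error: Oops: 80000005 [#1] SMP ARM
[  101.500020] Call trace:
[  101.500030]  can_restart from can_restart_work+0x1c/0x2c
[  250.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  250.000010] Call Trace:
[  250.000020]  ext4_readdir+0x1a/0x200'

printf '%s\n' "$SAMPLE_LOG" | find_can_restart_oops || true
```

On a live system the same function can be fed from `dmesg` or `journalctl -k`.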
🔗 References
- https://git.kernel.org/stable/c/0ca816a96fdcf32644c80cbe7a82c7b6ce6ddda5
- https://git.kernel.org/stable/c/6acceb46180f9e160d4f0c56fcaf39ba562822ae
- https://git.kernel.org/stable/c/6bbcf37c5114926c99a1d1e6993a5b35689d2599
- https://git.kernel.org/stable/c/c1f3f9797c1f44a762e6f5f72520b2e520537b52
- https://git.kernel.org/stable/c/cf81a60a973358dea163f6b14062f17831ceb894
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html