National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2019-3701 Detail

Description

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault).

Source:  MITRE
Description Last Modified:  01/03/2019

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://www.securityfocus.com/bid/106443
https://bugzilla.suse.com/show_bug.cgi?id=1120386
https://marc.info/?l=linux-netdev&m=154651842302479&w=2

Technical Details

Vulnerability Type (View All)

Change History

1 change record found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2019-3701
NVD Published Date:
01/03/2019
NVD Last Modified:
01/04/2019