CVE-2025-40020
Publication date: 2025-10-24
Last updated on: 2025-10-27
Assigner: kernel.org
Description
In the Linux kernel, the following vulnerability has been resolved:
can: peak_usb: fix shift-out-of-bounds issue
Explicitly uses a 64-bit constant when the number of bits used for its
shifting is 32 (which is the case for PC CAN FD interfaces supported by
this driver).
[mkl: update subject, apply manually]
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| peak_usb | peak_usb | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's peak_usb driver is a shift-out-of-bounds issue. For the PC CAN FD interfaces supported by this driver, the number of bits used for the shift is 32, and shifting a constant that is only 32 bits wide by 32 bits is out of bounds (undefined behavior in C). The fix explicitly uses a 64-bit constant for that shift. Left unfixed, the out-of-bounds shift can lead to unexpected behavior or errors in the driver.
How can this vulnerability impact me?
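An added illustration of the kind of fix the description names (not code from the kernel or the peak_usb driver): it assumes the shifted constant builds a bit mask for a wrapping counter, which the page does not show. The helper names `counter_mask` and `counter_delta` and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not taken from the driver: mask covering the low
 * `used_bits` bits of a counter. The constant is 64-bit (UINT64_C(1)), so a
 * shift count of 32 is in bounds. With a plain `1` (a 32-bit int) the same
 * shift is undefined behaviour in C, which UBSAN reports as
 * shift-out-of-bounds. */
static uint64_t counter_mask(unsigned int used_bits)
{
    if (used_bits == 0)
        return 0;
    if (used_bits >= 64)        /* shifting a 64-bit value by 64 is also UB */
        return UINT64_MAX;
    return (UINT64_C(1) << used_bits) - 1;
}

/* Ticks elapsed between two samples of a counter that wraps at 2^used_bits. */
static uint64_t counter_delta(uint64_t prev, uint64_t now, unsigned int used_bits)
{
    return (now - prev) & counter_mask(used_bits);
}

int main(void)
{
    /* Constructed sample values: a 32-bit counter that wrapped between reads. */
    uint64_t prev = 0xFFFFFFF0u, now = 0x00000010u;

    printf("mask(32)  = 0x%llx\n", (unsigned long long)counter_mask(32));
    printf("delta(32) = %llu\n",
           (unsigned long long)counter_delta(prev, now, 32));
    return 0;
}
```

Building kernel or driver code with UBSAN enabled is how this class of shift is normally caught at run time.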
The shift-out-of-bounds issue in the peak_usb driver could cause incorrect operation of PC CAN FD interfaces, potentially leading to system instability, crashes, or incorrect data handling when using these interfaces.