CVE-2023-54105
Improper Address Family Validation in Linux Kernel CAN_ISOTP Bind
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel is a missing check in isotp_bind(), the bind handler for CAN_ISOTP sockets in the CAN (Controller Area Network) code: the function did not verify that the supplied address uses the CAN address family (AF_CAN). As a result, binds that used a non-AF_CAN address family, such as AF_XDP, were not blocked. Although this does not have a functional impact, it means that userspace programs might be using the wrong address family field without being notified.
How can this vulnerability impact me?
The vulnerability has no functional impact, meaning it does not affect the operation or security of the system. However, userspace applications might not be notified when they use an incorrect address family in CAN isotp_bind() calls, which could lead to confusion or improper usage of the API.