
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2020-36789 is a vulnerability in the Linux kernel's CAN (Controller Area Network) subsystem, specifically in the can_get_echo_skb() function. The vulnerability was disclosed on April 17, 2025, affecting the Linux kernel's network stack implementation (NVD Database).
The vulnerability occurs when a driver calls can_get_echo_skb() from hard IRQ context. Under network congestion, this can trigger a 'WARN_ON(in_irq)' in net/core/skbuff.c#skb_release_head_state(), along with a potential NULL pointer dereference. The root cause is identified as the improper use of kfree_skb() instead of dev_kfree_skb_irq() in net/core/dev.c#enqueue_to_backlog(). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-476 (Red Hat Security).
The vulnerability can lead to system instability and denial of service under specific network congestion conditions. The issue primarily affects systems using the CAN network stack, where the NULL pointer dereference could crash the system (Red Hat Security).
The fix prevents the skb from being freed inside the netif_rx() call by taking an additional reference with skb_get() beforehand. The caller then releases that reference with a function that is safe in IRQ context: dev_consume_skb_any() or dev_kfree_skb_any(). The 'any' variants are used, rather than the '_irq' ones, to accommodate drivers that call can_get_echo_skb() from normal process context (Red Hat Security).
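The reference-counting logic behind that fix, as an added user-space model (not kernel code and not from the report): the kernel names are borrowed for readability, in_irq() and the congested backlog are stood in for by two flags, and "freed via kfree_skb() while in IRQ" marks the condition the kernel's WARN_ON(in_irq) would flag.

```c
/* Added example: user-space model (not kernel code) of the can_get_echo_skb()
 * ownership bug and its fix. Names mirror the kernel's; behaviour is simplified. */
#include <stdbool.h>

struct sk_buff {
    int  users;             /* reference count (skb->users) */
    bool freed;             /* memory released */
    bool freed_in_hardirq;  /* released via kfree_skb() while in_irq(): the WARN_ON path */
};

static bool in_irq_model;   /* stands in for in_irq() */
static bool backlog_full;   /* stands in for a congested backlog in enqueue_to_backlog() */

/* kfree_skb(): drops a reference; freeing in hard IRQ is what WARN_ON(in_irq) flags */
static void kfree_skb_model(struct sk_buff *skb)
{
    if (--skb->users > 0)
        return;
    skb->freed = true;
    skb->freed_in_hardirq = in_irq_model;
}

/* dev_kfree_skb_any() / dev_consume_skb_any(): safe in any context (defers in IRQ) */
static void dev_kfree_skb_any_model(struct sk_buff *skb)
{
    if (--skb->users > 0)
        return;
    skb->freed = true;
}

/* netif_rx(): takes over the caller's reference. When congested, enqueue_to_backlog()
 * drops it at once with kfree_skb(); otherwise the stack releases it later from softirq,
 * modelled here as an IRQ-safe release. */
static int netif_rx_model(struct sk_buff *skb)
{
    if (backlog_full) {
        kfree_skb_model(skb);
        return 1;                       /* NET_RX_DROP */
    }
    dev_kfree_skb_any_model(skb);
    return 0;                           /* NET_RX_SUCCESS */
}
/* Vulnerable shape: the skb's only reference is handed to netif_rx() */
static void can_get_echo_skb_vuln(struct sk_buff *skb)
{
    netif_rx_model(skb);
}
/* Fixed shape: hold an extra reference across netif_rx(), then release it IRQ-safely */
static void can_get_echo_skb_fixed(struct sk_buff *skb)
{
    skb->users++;                       /* skb_get() */
    netif_rx_model(skb);                /* can no longer free the skb */
    dev_kfree_skb_any_model(skb);       /* last reference goes via an *_any() helper */
}
```

Running both shapes with in_irq_model and backlog_full set shows the vulnerable one freeing from hard IRQ while the fixed one drops the last reference through the IRQ-safe helper.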
Source: This report was generated using AI