CVE-2022-49845: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49845 is a vulnerability discovered in the Linux kernel, specifically in the j1939sendone() function related to CAN header initialization. The vulnerability was disclosed on May 1, 2025, affecting Linux kernel versions from 5.11 up to (excluding) 5.15.79 and from 5.16 up to (excluding) 6.0.9 (NVD).

The vulnerability stems from a missing initialization of reserved and later filled elements in struct canframe. Specifically, the read access to struct canxlframe::len inside of a j1939 created skbuff revealed that reserved elements were not properly initialized. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access is required (NVD).

The vulnerability affects the availability of the system, as indicated by the CVSS metrics showing high impact on availability (A:H) while having no impact on confidentiality (C:N) or integrity (I:N) (NVD).

The vulnerability has been patched by implementing proper initialization of the 8-byte CAN header with zero. Various Linux distributions have released fixes, including Ubuntu 22.04 LTS (5.15.0-67.74), Ubuntu 20.04 LTS (5.4.0-144.161), and Ubuntu 18.04 LTS (5.4.0-1097.105~18.04.1) (Ubuntu).