CVE-2022-49863: 
Linux Kernel vulnerability analysis and mitigation

A NULL pointer dereference vulnerability (CVE-2022-49863) was discovered in the Linux kernel's CAN (Controller Area Network) protocol implementation, specifically in the canrxregister() function. The vulnerability was publicly disclosed on May 1, 2025, affecting various versions of the Linux kernel from 5.10.28 to 6.0.9 (NVD).

The vulnerability occurs through a specific sequence of syscalls: creating a netlink socket using syscall(NR_socket, 0x10ul, 3ul, 0), creating bond link and vxcan link devices and binding them, creating a CAN socket with syscall(NRsocket, 0x1dul, 3ul, 1), and binding the bond device to the CAN socket. The issue arises because mlpriv is not allocated to the dev, causing devrcvlists to be assigned NULL in canrxregister(). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability results in a kernel NULL pointer dereference at address 0x0000000000000008, which can lead to system crashes and potential denial of service conditions (Wiz).

Red Hat has marked this vulnerability as 'Fix deferred' for Red Hat Enterprise Linux 9 and kernel-rt packages. Users are advised to update their systems once patches become available (Wiz).