CVE-2022-49008: can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down
In the Linux kernel, the following vulnerability has been resolved:
can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down
In can327_feed_frame_to_netdev(), it did not free the skb when netdev
is down, and all callers of can327_feed_frame_to_netdev() did not free
allocated skb too. That would trigger skb leak.
Fix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev
is down. Not tested, just compiled.
Security readout for executives and security teams
Plain-English summary
CVE-2022-49008 is a Linux kernel issue in the CAN can327 driver. When a network device is down, the driver may fail to release a network buffer, causing a memory leak. The public record does not provide a CVSS score or evidence of active exploitation.
Executive priority
Treat as a targeted availability risk, not a broad internet-facing emergency based on current evidence. Prioritize patching where Linux CAN functionality is used, especially embedded, industrial, automotive, or lab systems relying on kernel stability.
Technical view
The flaw is in can327_feed_frame_to_netdev(). If the netdev is down, the function did not free the allocated skb, while callers also did not free it. The kernel fix adds kfree_skb() on that path. Public affected data lists Linux 6.0, 6.0.12, and 6.1 context.
Likely exposure
Exposure is most relevant to Linux systems using the CAN subsystem with the can327 driver. Systems without this driver or CAN use are less likely to be affected. Confirm against the exact kernel version and vendor backports.
Exploitation context
No CISA KEV listing and no cited source in the bundle reports active exploitation. The described impact is a kernel skb memory leak, which could affect availability if the vulnerable path is repeatedly reached.
Researcher notes
The record is sparse: no CVSS, no CWE, and limited affected-version detail. The key technical evidence is the Linux stable commits fixing an skb leak when netdev is down. Avoid assuming exploitability beyond resource leakage without additional vendor analysis.
Mitigation direction
Update to a vendor kernel that includes the referenced stable fixes.
If updates are not available, check vendor guidance for supported mitigations.
Reduce exposure of unused CAN/can327 functionality where operationally feasible.
Validation and detection
Inventory Linux kernels and identify systems using CAN or can327.
Compare running kernel packages against vendor advisories and stable fix inclusion.
Review kernel changelogs for the referenced can327 skb leak fix.
Prioritize validation on systems with CAN interfaces or embedded/vehicle-related workloads.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-49008 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.