SB20251015134 - Buffer overflow in Linux kernel CAN SPI driver
Published: October 15, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2025-39987)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/spi/hi311x.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/57d332ce8c921d0e340650470bb0c1d707f216ee
- https://git.kernel.org/stable/c/7ab85762274c0fa997f0ef9a2307b2001aae43c4
- https://git.kernel.org/stable/c/8f351db6b2367991f0736b2cff082f5de4872113
- https://git.kernel.org/stable/c/ac1c7656fa717f29fac3ea073af63f0b9919ec9a
- https://git.kernel.org/stable/c/be1b25005fd0f9d4e78bec6695711ef87ee33398
- https://git.kernel.org/stable/c/def814b4ba31b563584061d6895d5ff447d5bc14
- https://git.kernel.org/stable/c/e77fdf9e33a83a08f04ab0cb68c19ddb365a622f
- https://git.kernel.org/stable/c/f2c247e9581024d8b3dd44cbe086bf2bebbef42c