SB20251226180 - Out-of-bounds read in Linux kernel can j1939
Published: December 26, 2025 Updated: December 31, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2023-54039)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the j1939_tp_tx_dat_new() function in net/can/j1939/transport.c, which a local user can use to cause the denial of service.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/36befc9aed6202b4a9b906529aea13eacd7e34ff
- https://git.kernel.org/stable/c/4c3fb22a6ec68258ee129a2e6b720f43dffc562f
- https://git.kernel.org/stable/c/4fe1d9b6231a68ffc91318f57fd8e4982f028cf7
- https://git.kernel.org/stable/c/70caa596d158a5d84b117f722d58f3ea503a5ba9
- https://git.kernel.org/stable/c/b45193cb4df556fe6251b285a5ce44046dd36b4a
- https://git.kernel.org/stable/c/d2136f05690c272dfc9f9d6efcc51d5f53494b33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.241