CVE-2026-5071 – can: Local Denial of Service via SocketCAN Send

CVE ID :CVE-2026-5071

Published : May 30, 2026, 8:16 a.m. | 16 minutes ago

Description :The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan_frame object using only a NET_ASSERT statement in zcan_sendto_ctx() before dereferencing it in socketcan_to_can_frame(). In production builds where assertions are disabled, a userspace application that controls the length passed to a sendto syscall can supply an incomplete or truncated frame, causing socketcan_to_can_frame() to dereference fields beyond the end of the buffer. This results in an out-of-bounds read that can cause denial-of-service crashes or, because the parsed frame contents are transmitted on the network, leak adjacent memory.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-7465 – Spectra Gutenberg Blocks

CVE-2026-9757 – GEO my WP

CVE-2026-7459 – Simple History – Track, Log, and Audit WordPress Changes

CVE-2026-10115 – Open5GS Shared NF-profile nnrf-handler.c denial of service