First published: Mon Oct 31 2022
The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching a filter installed in the vulnerable node (this can easily be guessed from CAN traffic analysis). The frame must also carry the opposite RTR bit to the one the installed filter specifies: if the filter matches RTR frames, the frame must be a data frame, and vice versa.
Credit: vulnerabilities@zephyrproject.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zephyrproject Zephyr | <=3.1.0 | |
CVE-2022-2741 is a denial-of-service vulnerability that can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node.
CVE-2022-2741 can be exploited by transmitting, on the same CAN network as the vulnerable node, a CAN frame whose CAN ID matches a filter installed in that node.
Zephyrproject Zephyr up to version 3.1.0 is affected by CVE-2022-2741.
CVE-2022-2741 has a severity rating of 7.5 (high).
To mitigate CVE-2022-2741, it is recommended to update Zephyrproject Zephyr to a version higher than 3.1.0.