CVE - CVE-2025-37993

CVE-ID
CVE-2025-37993	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe The spin lock tx_handling_spinlock in struct m_can_classdev is not being initialized. This leads the following spinlock bad magic complaint from the kernel, eg. when trying to send CAN frames with cansend from can-utils: \| BUG: spinlock bad magic on CPU#0, cansend/95 \| lock: 0xff60000002ec1010, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 \| CPU: 0 UID: 0 PID: 95 Comm: cansend Not tainted 6.15.0-rc3-00032-ga79be02bba5c #5 NONE \| Hardware name: MachineWare SIM-V (DT) \| Call Trace: \| [<ffffffff800133e0>] dump_backtrace+0x1c/0x24 \| [<ffffffff800022f2>] show_stack+0x28/0x34 \| [<ffffffff8000de3e>] dump_stack_lvl+0x4a/0x68 \| [<ffffffff8000de70>] dump_stack+0x14/0x1c \| [<ffffffff80003134>] spin_dump+0x62/0x6e \| [<ffffffff800883ba>] do_raw_spin_lock+0xd0/0x142 \| [<ffffffff807a6fcc>] _raw_spin_lock_irqsave+0x20/0x2c \| [<ffffffff80536dba>] m_can_start_xmit+0x90/0x34a \| [<ffffffff806148b0>] dev_hard_start_xmit+0xa6/0xee \| [<ffffffff8065b730>] sch_direct_xmit+0x114/0x292 \| [<ffffffff80614e2a>] __dev_queue_xmit+0x3b0/0xaa8 \| [<ffffffff8073b8fa>] can_send+0xc6/0x242 \| [<ffffffff8073d1c0>] raw_sendmsg+0x1a8/0x36c \| [<ffffffff805ebf06>] sock_write_iter+0x9a/0xee \| [<ffffffff801d06ea>] vfs_write+0x184/0x3a6 \| [<ffffffff801d0a88>] ksys_write+0xa0/0xc0 \| [<ffffffff801d0abc>] __riscv_sys_write+0x14/0x1c \| [<ffffffff8079ebf8>] do_trap_ecall_u+0x168/0x212 \| [<ffffffff807a830a>] handle_exception+0x146/0x152 Initializing the spin lock in m_can_class_allocate_dev solves that problem.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/2ecce25ea296f328d79070ee36229a15aeeb7aca URL:https://git.kernel.org/stable/c/2ecce25ea296f328d79070ee36229a15aeeb7aca MISC:https://git.kernel.org/stable/c/7d5379cfecfdd665e4206bc4f19824656388779f URL:https://git.kernel.org/stable/c/7d5379cfecfdd665e4206bc4f19824656388779f MISC:https://git.kernel.org/stable/c/dcaeeb8ae84c5506ebc574732838264f3887738c URL:https://git.kernel.org/stable/c/dcaeeb8ae84c5506ebc574732838264f3887738c
Assigning CNA
kernel.org
Date Record Created
20250416	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250416)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)