
CVE-2025-21775: Vulnerability in Linux

Medium
Published: Thu Feb 27 2025 (02/27/2025, 02:18:21 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

can: ctucanfd: handle skb allocation failure

If skb allocation fails, the pointer to struct can_frame is NULL. This is actually handled everywhere inside ctucan_err_interrupt() except for the only place. Add the missed NULL check.

Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool.

AI-Powered Analysis

Last updated: 06/30/2025, 08:57:41 UTC

Technical Analysis

CVE-2025-21775 is a vulnerability in the Linux kernel's CAN (Controller Area Network) subsystem, specifically in the ctucanfd driver. The issue is improper handling of skb (socket buffer) allocation failures: when skb allocation fails, the pointer to struct can_frame is NULL. The ctucan_err_interrupt() function handles this NULL pointer case correctly everywhere except one place, where the check was missing. That omission can lead to a NULL pointer dereference, which may cause a kernel panic or system crash and therefore a denial of service (DoS) condition.

The vulnerability was discovered by the Linux Verification Center using the SVACE static analysis tool, which indicates a code quality and robustness issue rather than a direct memory corruption or privilege escalation flaw. The affected versions correspond to a specific commit hash repeated multiple times, suggesting the vulnerability exists in certain kernel builds prior to the patch. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The fix adds the missing NULL pointer check so that the CAN driver's interrupt handler handles skb allocation failure robustly.
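The bug class described above, as an added example that is not the driver's code or the upstream patch: a user-space C model in which a hypothetical error handler guards every write through the frame pointer, so a failed allocation is survived instead of dereferencing NULL. All names (`handle_err_event`, `alloc_err_buf`, the structs and bit values) are invented for illustration.

```c
/* User-space model of the bug class; every name here is hypothetical,
 * none of it is taken from the ctucanfd driver source. */
#include <stdio.h>
#include <stdlib.h>

struct frame { unsigned int id; unsigned char data[8]; };
struct stats { unsigned long rx_packets, rx_dropped; };

/* Stand-in for the skb allocator: on failure it returns NULL and the
 * frame pointer handed back to the caller is NULL as well. */
static void *alloc_err_buf(struct frame **cf, int simulate_oom)
{
    *cf = simulate_oom ? NULL : calloc(1, sizeof(**cf));
    return *cf;
}

/* Error-event handler in which every write through cf is guarded.
 * Dropping either "if (buf)" below reproduces the defect: a NULL
 * dereference that only fires when the allocation fails. */
int handle_err_event(struct stats *st, int bus_error, int overrun,
                     int simulate_oom)
{
    struct frame *cf;
    void *buf = alloc_err_buf(&cf, simulate_oom);

    if (bus_error) {
        if (buf)                 /* guarded write */
            cf->id |= 0x80;
    }
    if (overrun) {
        st->rx_dropped++;        /* counters never need the buffer */
        if (buf)                 /* the kind of check the fix adds */
            cf->data[1] |= 0x01;
    }
    if (!buf)
        return -1;               /* event accounted for, no frame delivered */

    st->rx_packets++;
    free(buf);
    return 0;
}

int main(void)
{
    struct stats st = {0, 0};
    int rc = handle_err_event(&st, 1, 1, 1);   /* allocation fails */
    printf("rc=%d dropped=%lu delivered=%lu\n", rc, st.rx_dropped, st.rx_packets);
    return 0;
}
```

Because the unguarded path is reached only under allocation failure, ordinary functional testing rarely exercises it, which is why static analysis or fault injection tends to find this kind of defect.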

Potential Impact

For European organizations, the primary impact of this vulnerability is the potential for denial of service on Linux systems utilizing the CAN protocol stack, which is commonly used in automotive, industrial control systems, and embedded devices. Organizations involved in automotive manufacturing, industrial automation, or critical infrastructure that rely on Linux-based CAN implementations could experience system instability or crashes if this vulnerability is triggered. While the vulnerability does not appear to allow privilege escalation or remote code execution, the resulting kernel panic could disrupt operations, leading to downtime and potential safety risks in environments where CAN bus communication is critical. The impact is particularly relevant for sectors such as automotive suppliers, manufacturing plants, and transportation systems in Europe that deploy Linux-based embedded systems. Since exploitation requires triggering skb allocation failure and involves kernel-level code, it is less likely to be exploited remotely without local access or specific conditions, limiting the attack surface but not eliminating risk in targeted scenarios.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Apply the official Linux kernel patches that add the missing NULL pointer check in the ctucanfd driver as soon as they become available.
2) For embedded and industrial systems, coordinate with device vendors to ensure firmware or kernel updates include this fix.
3) Implement robust monitoring of kernel logs and system stability to detect any abnormal crashes or kernel panics related to CAN subsystem operations.
4) Limit access to systems running vulnerable Linux kernels to trusted users and networks to reduce the risk of triggering the vulnerability.
5) Conduct thorough testing of CAN-related functionality after patching to ensure system stability and compatibility.
6) Where possible, employ kernel hardening techniques and memory protection features to reduce the impact of kernel-level faults.
7) Maintain an inventory of Linux systems using CAN drivers to prioritize patch deployment and risk assessment.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.763Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9832c4522896dcbe878d

Added to database: 5/21/2025, 9:09:06 AM

Last enriched: 6/30/2025, 8:57:41 AM

Last updated: 8/12/2025, 1:43:24 AM
