Vulnerability Description
The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zephyrproject | Zephyr | <= 3.1.0 |
Related Weaknesses (CWE)
References
- https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-PatchThird Party Advisory
- https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-PatchThird Party Advisory
FAQ
What is CVE-2022-2741?
CVE-2022-2741 is a vulnerability with a CVSS score of 8.2 (HIGH). The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vu...
How severe is CVE-2022-2741?
CVE-2022-2741 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2741?
Check the references section above for vendor advisories and patch information. Affected products include: Zephyrproject Zephyr.