The isotp_setsockopt in net/can/isotp.c allows a use-after-free. This leads to arbitrary kernel execution by overwriting the sk_error_report()
pointer, which can be misused in order to execute a user-controlled ROP chain to gain root privileges.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1959674]