[X][B][D][E][F][U][SRU][PATCH] Fix for CVE-2020-11494

Po-Hsu Lin po-hsu.lin at canonical.com
Wed Apr 8 08:58:23 UTC 2020

From our CVE page:

"An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux
kernel through 5.6.2. It allows attackers to read uninitialized can_frame
data, potentially containing sensitive information from kernel stack
memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka

This is affecting Ubuntu kernels from Xenial to Focal. The fix can be
cherry-picked for them.

Richard Palethorpe (1):
  slcan: Don't transmit uninitialized stack data in padding

 drivers/net/can/slcan.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
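
The class of bug the CVE text describes, shown as an added user-space example that is not part of the original message and is not the kernel's code: a frame object whose reserved bytes are never written keeps whatever was in that storage before. The struct layout, the 0xAA marker standing in for old stack contents, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a CAN frame: three reserved bytes sit between
 * the length field and the payload (layout assumed for illustration). */
struct demo_frame {
    uint32_t can_id;
    uint8_t  can_dlc;
    uint8_t  pad, res0, res1;   /* carry no meaning, but are copied out too */
    uint8_t  data[8];
};

#define STALE 0xAA  /* constructed marker standing in for old stack contents */

/* Weak form: initialise only the fields the parser cares about. */
void build_fieldwise(struct demo_frame *f, uint32_t id, const uint8_t *p, uint8_t n)
{
    if (n > sizeof(f->data)) n = sizeof(f->data);
    f->can_id = id;
    memset(f->data, 0, sizeof(f->data));
    f->can_dlc = n;
    memcpy(f->data, p, n);
}

/* Hardened form: zero the whole object first, then fill in the fields. */
void build_zeroed(struct demo_frame *f, uint32_t id, const uint8_t *p, uint8_t n)
{
    memset(f, 0, sizeof(*f));
    build_fieldwise(f, id, p, n);
}

/* Build a frame in storage pre-filled with the marker and count the bytes
 * of the whole object that still hold it, i.e. what a full copy would leak. */
size_t leaked_after_build(int zeroed)
{
    static const uint8_t payload[2] = { 0x11, 0x22 };  /* constructed sample */
    struct demo_frame f;
    const uint8_t *b = (const uint8_t *)&f;
    size_t i, stale = 0;

    memset(&f, STALE, sizeof(f));
    (zeroed ? build_zeroed : build_fieldwise)(&f, 0x123, payload, 2);
    for (i = 0; i < sizeof(f); i++) stale += (b[i] == STALE);
    return stale;
}

int main(void)
{
    printf("field-wise init: %zu stale bytes\n", leaked_after_build(0));
    printf("zeroed first:    %zu stale bytes\n", leaked_after_build(1));
    return 0;
}
```

The same reasoning is why the CVE text conditions the issue on CONFIG_INIT_STACK_ALL being absent: with stack variables initialised automatically, the unwritten bytes no longer hold earlier stack contents.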
