[X][B][D][E][F][U][SRU][PATCH] Fix for CVE-2020-11494

Po-Hsu Lin po-hsu.lin at canonical.com
Wed Apr 8 08:58:23 UTC 2020


From our CVE page:
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11494.html

"An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux
kernel through 5.6.2. It allows attackers to read uninitialized can_frame
data, potentially containing sensitive information from kernel stack
memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka
CID-b9258a2cece4."

This affects Ubuntu kernels from Xenial to Focal. The fix can be
cherry-picked for them.

Richard Palethorpe (1):
  slcan: Don't transmit uninitialized stack data in padding

 drivers/net/can/slcan.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

-- 
2.7.4
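
The pattern the quoted CVE text describes, as an added example that is not part of the original message or of the patch: a stack struct filled field by field keeps stale bytes in the members nobody sets, while zeroing the whole object first does not. `frame_model`, both fill functions and the `0xAA` marker are constructed for illustration and assume a simplified layout, not the kernel's `can_frame` definition.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker standing in for old stack contents */

/* Hypothetical frame layout (assumption): header, reserved bytes, payload. */
struct frame_model {
    uint32_t id;
    uint8_t  dlc;
    uint8_t  pad[3];   /* never meaningful, but copied out with the rest */
    uint8_t  data[8];
};
typedef void (*fill_fn)(struct frame_model *, uint32_t, const uint8_t *, uint8_t);

/* Before: only the fields in use are set; pad keeps whatever was there. */
static void fill_fieldwise(struct frame_model *f, uint32_t id,
                           const uint8_t *payload, uint8_t len /* <= 8 */)
{
    f->id = id;
    f->dlc = len;
    memset(f->data, 0, sizeof(f->data));
    memcpy(f->data, payload, len);
}

/* After: zero the whole object, then set the fields. */
static void fill_zeroed(struct frame_model *f, uint32_t id,
                        const uint8_t *payload, uint8_t len /* <= 8 */)
{
    memset(f, 0, sizeof(*f));
    f->id = id;
    f->dlc = len;
    memcpy(f->data, payload, len);
}

/* Count stale bytes that leave with the frame when it is sent whole. */
static size_t stale_bytes_sent(fill_fn fill)
{
    static const uint8_t payload[2] = { 0x11, 0x22 };  /* constructed input */
    struct frame_model f;
    uint8_t wire[sizeof(f)];
    size_t i, n = 0;

    memset(&f, STALE, sizeof(f));   /* simulate a dirty stack slot */
    fill(&f, 0x123, payload, sizeof(payload));
    memcpy(wire, &f, sizeof(f));    /* entire struct handed to the receiver */
    for (i = 0; i < sizeof(wire); i++)
        n += (wire[i] == STALE);
    return n;
}

int main(void)
{
    printf("fieldwise: %zu stale bytes, zeroed: %zu stale bytes\n",
           stale_bytes_sent(fill_fieldwise), stale_bytes_sent(fill_zeroed));
    return 0;
}
```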
