APPLIED[F/Unstable]: [X][B][D][E][F][U][SRU][PATCH] Fix for CVE-2020-11494

Seth Forshee seth.forshee at canonical.com
Thu Apr 9 21:08:22 UTC 2020


On Wed, Apr 08, 2020 at 04:58:23PM +0800, Po-Hsu Lin wrote:
> From our CVE page:
> https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11494.html
> 
> "An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux
> kernel through 5.6.2. It allows attackers to read uninitialized can_frame
> data, potentially containing sensitive information from kernel stack
> memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka
> CID-b9258a2cece4."
> 
> This is affecting Ubuntu kernel from Xenial to Focal. The fix can be
> cherry-picked for them.

Applied to focal/master-next and unstable/master, thanks!
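The bug class named in the quoted CVE text (an on-stack frame whose unwritten bytes keep old stack contents), shown as an added example that is not code from this thread or from the kernel. `struct demo_frame`, `STALE` and the three functions are hypothetical; the frame is a simplified stand-in built in a byte buffer pre-filled with a constructed marker, so the leftover bytes can be counted deterministically.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a CAN frame (not the kernel's definition). */
struct demo_frame {
    uint32_t id;
    uint8_t  dlc;
    uint8_t  pad[3];   /* bytes that no field assignment ever writes */
    uint8_t  data[8];
};

#define STALE 0xAA     /* constructed marker standing in for old stack contents */

/* Field-by-field construction: writes id, dlc and only dlc payload bytes. */
static void build_fieldwise(unsigned char *slot, uint32_t id,
                            const uint8_t *payload, uint8_t dlc)
{
    if (dlc > 8)
        dlc = 8;
    memcpy(slot + offsetof(struct demo_frame, id), &id, sizeof(id));
    slot[offsetof(struct demo_frame, dlc)] = dlc;
    memcpy(slot + offsetof(struct demo_frame, data), payload, dlc);
}

/* Build one frame in a "dirty" slot and count bytes still holding stale data.
 * With harden != 0 the whole object is zeroed before any field is written. */
static size_t stale_bytes(int harden)
{
    unsigned char slot[sizeof(struct demo_frame)];
    const uint8_t payload[2] = { 0x11, 0x22 };   /* constructed sample payload */
    size_t i, n = 0;

    memset(slot, STALE, sizeof(slot));           /* simulate leftover stack data */
    if (harden)
        memset(slot, 0, sizeof(slot));           /* zero the full frame first */
    build_fieldwise(slot, 0x123, payload, 2);
    for (i = 0; i < sizeof(slot); i++)           /* every byte would be handed on */
        n += (slot[i] == STALE);
    return n;
}

int main(void)
{
    printf("field-by-field: %zu stale bytes\n", stale_bytes(0));
    printf("zeroed first:   %zu stale bytes\n", stale_bytes(1));
    return 0;
}
```

The stale bytes in the first case are the three `pad` bytes plus the six `data` bytes beyond `dlc`; anything that copies `sizeof(struct demo_frame)` bytes onward carries them along.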


