APPLIED [XBDE]: [X][B][D][E][F][U][SRU][PATCH] Fix for CVE-2020-11494
Kelsey Skunberg
kelsey.skunberg at canonical.com
Fri Apr 17 17:13:17 UTC 2020
On 2020-04-08 16:58:23, Po-Hsu Lin wrote:
> From our CVE page:
> https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11494.html
>
> "An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux
> kernel through 5.6.2. It allows attackers to read uninitialized can_frame
> data, potentially containing sensitive information from kernel stack
> memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka
> CID-b9258a2cece4."
>
> This is affecting Ubuntu kernel from Xenial to Focal. The fix can be
> cherry-picked for them.
>
> Richard Palethorpe (1):
> slcan: Don't transmit uninitialized stack data in padding
>
> drivers/net/can/slcan.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> --
> 2.7.4
>
>
Applied to master-next for Xenial, Bionic, Disco, and Eoan. Thank you!
-Kelsey
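
The leak class named in the CVE text quoted above (stale stack bytes in a structure's padding being copied out with the initialized fields), shown as an added example that is not part of this thread or of the kernel patch. `demo_frame`, `STALE`, `set_fields` and `stale_bytes_sent` are hypothetical names, the struct is not the kernel's `can_frame`, and the stale stack contents are simulated with a constructed marker byte so the result is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout for illustration; NOT the kernel's struct can_frame. */
struct demo_frame {
    uint32_t id;
    uint8_t  len;    /* the compiler inserts padding after this member */
    uint64_t data;
};

#define STALE 0xA5   /* constructed marker standing in for old stack contents */

/* Write only the named members' bytes, as field-by-field assignment does in practice. */
static void set_fields(unsigned char *slot)
{
    uint32_t id = 0x123;
    uint8_t len = 2;
    uint64_t data = 0x1122;

    memcpy(slot + offsetof(struct demo_frame, id), &id, sizeof id);
    memcpy(slot + offsetof(struct demo_frame, len), &len, sizeof len);
    memcpy(slot + offsetof(struct demo_frame, data), &data, sizeof data);
}

/* Build a frame in a reused slot, copy it out whole, count stale bytes that escape. */
size_t stale_bytes_sent(int zero_first)
{
    unsigned char slot[sizeof(struct demo_frame)];
    unsigned char wire[sizeof(struct demo_frame)];
    size_t i, leaked = 0;

    memset(slot, STALE, sizeof slot);       /* simulate leftover stack data */
    if (zero_first)
        memset(slot, 0, sizeof slot);       /* clear the whole object, padding included */
    set_fields(slot);
    memcpy(wire, slot, sizeof wire);        /* the receiver sees sizeof(struct) bytes */

    for (i = 0; i < sizeof wire; i++)
        leaked += (wire[i] == STALE);
    return leaked;
}

int main(void)
{
    printf("field-by-field: %zu stale bytes sent\n", stale_bytes_sent(0));
    printf("zeroed first:   %zu stale bytes sent\n", stale_bytes_sent(1));
    return 0;
}
```

Setting every named member is not enough when the object is copied out by its full size; the padding bytes go with it unless the whole object was cleared first.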