[X][B][D][E][F][U][SRU][PATCH] Fix for CVE-2020-11494
Po-Hsu Lin
po-hsu.lin at canonical.com
Wed Apr 8 08:58:23 UTC 2020
From our CVE page:
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11494.html
"An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux
kernel through 5.6.2. It allows attackers to read uninitialized can_frame
data, potentially containing sensitive information from kernel stack
memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka
CID-b9258a2cece4."
This affects Ubuntu kernels from Xenial to Focal. The fix can be
cherry-picked for them.
Richard Palethorpe (1):
  slcan: Don't transmit uninitialized stack data in padding

 drivers/net/can/slcan.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
--
2.7.4
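
The bug class named in the CVE text and the commit subject, as an added illustration that is not code from the kernel or from this patch: a frame initialised field by field over a dirty stack slot keeps stale bytes in its padding, while zeroing the whole object first does not. The `demo_frame` layout, the function names and the 0xAA marker are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a CAN frame: named fields plus padding bytes. */
struct demo_frame {
    uint32_t id;
    uint8_t  dlc;
    uint8_t  pad[3];   /* never written by the field-wise initialiser */
    uint8_t  data[8];
};

#define STALE 0xAA     /* constructed marker standing in for old stack contents */

/* Field-by-field initialisation: the padding keeps whatever was in memory. */
static void init_fieldwise(struct demo_frame *f, uint32_t id, uint8_t dlc)
{
    f->id = id;
    f->dlc = dlc;
    memset(f->data, 0, sizeof(f->data));
}

/* Whole-object initialisation: every byte, padding included, is zeroed first. */
static void init_whole(struct demo_frame *f, uint32_t id, uint8_t dlc)
{
    memset(f, 0, sizeof(*f));
    f->id = id;
    f->dlc = dlc;
}

/* Count padding bytes in the copied-out image that still carry the marker. */
static size_t stale_bytes(int zero_whole)
{
    struct demo_frame f;
    unsigned char wire[sizeof(f)];
    size_t i, n = 0;
    memset(&f, STALE, sizeof(f));              /* simulate a dirty stack slot */
    (zero_whole ? init_whole : init_fieldwise)(&f, 0x123, 2);
    memcpy(wire, &f, sizeof(f));               /* what a sender would copy out */
    for (i = offsetof(struct demo_frame, pad); i < offsetof(struct demo_frame, data); i++)
        n += (wire[i] == STALE);
    return n;
}

int main(void)
{
    printf("field-wise: %zu stale, whole: %zu stale\n", stale_bytes(0), stale_bytes(1));
    return 0;
}
```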