ACK: [X][B][D][E][F][U][SRU][PATCH] Fix for CVE-2020-11494
Andrea Righi
andrea.righi at canonical.com
Wed Apr 8 09:31:11 UTC 2020
On Wed, Apr 08, 2020 at 04:58:23PM +0800, Po-Hsu Lin wrote:
> From our CVE page:
> https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11494.html
>
> "An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux
> kernel through 5.6.2. It allows attackers to read uninitialized can_frame
> data, potentially containing sensitive information from kernel stack
> memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka
> CID-b9258a2cece4."
>
> This is affecting Ubuntu kernels from Xenial to Focal. The fix can be
> cherry-picked for them.
>
> Richard Palethorpe (1):
> slcan: Don't transmit uninitialized stack data in padding
>
> drivers/net/can/slcan.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> --
> 2.7.4
Looks good to me. Thanks!
Acked-by: Andrea Righi <andrea.righi at canonical.com>
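The defect the quoted CVE text describes, as an added example that is not code from this thread or from the kernel tree: a local struct mirroring the layout of struct can_frame (4-byte id, 1-byte dlc, three reserved bytes, 8 data bytes aligned to 8) is initialised member by member and, beside it, zeroed with memset() first. Both run over storage pre-filled with a constructed marker byte that stands in for whatever an earlier call left on the stack, so the bytes each path fails to touch are countable. The struct name, the STALE marker and the helper functions are assumptions of this example.

```c
/* Added example: why member-wise initialisation leaks reserved/padding
 * bytes and why zeroing the whole object first does not.
 * model_can_frame mirrors the layout of struct can_frame from the Linux
 * uapi header; it is a local copy for illustration, not the kernel's. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct model_can_frame {
	uint32_t can_id;
	uint8_t  can_dlc;
	uint8_t  __pad;    /* reserved bytes: never assigned on the unsafe path */
	uint8_t  __res0;
	uint8_t  __res1;
	uint8_t  data[8] __attribute__((aligned(8)));
};

_Static_assert(sizeof(struct model_can_frame) == 16, "unexpected layout");

/* Lets the same bytes be viewed as a frame and as raw storage. */
union frame_storage {
	struct model_can_frame cf;
	unsigned char bytes[sizeof(struct model_can_frame)];
};

/* Constructed marker for "stale stack contents" left by an earlier call. */
#define STALE 0xAA

/* Unsafe pattern: assign only the fields the code cares about. */
static void init_memberwise(struct model_can_frame *cf, uint32_t id, uint8_t dlc)
{
	cf->can_id = id;
	cf->can_dlc = dlc;
	memset(cf->data, 0, sizeof(cf->data)); /* payload cleared, reserved bytes untouched */
}

/* Hardened pattern: zero the whole object, then set the fields. */
static void init_zeroed(struct model_can_frame *cf, uint32_t id, uint8_t dlc)
{
	memset(cf, 0, sizeof(*cf));
	cf->can_id = id;
	cf->can_dlc = dlc;
}

/* Count bytes still carrying STALE, i.e. bytes that would go out unchanged. */
static size_t count_stale_bytes(const unsigned char *p, size_t len)
{
	size_t n = 0;
	for (size_t i = 0; i < len; i++)
		if (p[i] == STALE)
			n++;
	return n;
}

/* Run one init path over pre-filled storage; return how many bytes leaked. */
static size_t leaked_bytes(int use_memset)
{
	union frame_storage s;

	memset(s.bytes, STALE, sizeof(s.bytes)); /* simulate leftover stack data */
	if (use_memset)
		init_zeroed(&s.cf, 0x123, 8);
	else
		init_memberwise(&s.cf, 0x123, 8);
	return count_stale_bytes(s.bytes, sizeof(s.bytes));
}

int main(void)
{
	printf("member-wise init leaves %zu stale byte(s)\n", leaked_bytes(0));
	printf("memset() init leaves %zu stale byte(s)\n", leaked_bytes(1));
	return 0;
}
```

The three stale bytes on the member-wise path are exactly the reserved bytes between can_dlc and data, which is the region the upstream fix title refers to as padding. Zeroing the object once up front also covers any compiler-inserted padding a future layout change might add, which per-field assignments cannot.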