An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
2020-04-02T21:15:13.613
2024-11-21T04:58:00.713
Modified
CVSSv3.1: 4.4 (MEDIUM)
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.9
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | linux | linux_kernel | ≤ 5.6.2 | Yes |
Operating System | opensuse | leap | 15.1 | Yes |
Operating System | debian | debian_linux | 8.0 | Yes |
Operating System | debian | debian_linux | 9.0 | Yes |
Operating System | canonical | ubuntu_linux | 14.04 | Yes |
Operating System | canonical | ubuntu_linux | 16.04 | Yes |
Operating System | canonical | ubuntu_linux | 18.04 | Yes |
Operating System | canonical | ubuntu_linux | 19.10 | Yes |