PT-2020-5268 · Linux+3 · Linux Kernel+3

Richard Palethorpe

·

Published

2020-04-01

·

Updated

2022-04-29

·

CVE-2020-11494

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions 3.16 through 5.6.2
Description An issue in the Linux kernel allows attackers to read uninitialized can frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG INIT STACK ALL. This issue is related to the slc bump function in drivers/net/can/slcan.c. The exploitation of this issue may allow an attacker to gain unauthorized access to protected information.
Recommendations For Linux kernel versions 3.16 through 5.6.2, consider updating to a version that includes the necessary configuration changes to mitigate this issue, such as enabling CONFIG INIT STACK ALL. As a temporary workaround, consider restricting access to the slc bump function in drivers/net/can/slcan.c to minimize the risk of exploitation.

Fix

Use of Uninitialized Resource

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-909CWE-200

Related Identifiers

ALT-PU-2020-1761
ALT-PU-2020-1913
ALT-PU-2020-1917
ALT-PU-2020-1928
ALT-PU-2020-2153
ALT-PU-2020-2164
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2020-05902
BDU:2021-01200
CVE-2020-11494
DLA-2241-1
DLA-2241-2
DLA-2242-1
DSA-4698-1
LSN-0067-1
LSN-0068-1
LSN-0072-1
MGASA-2020-0183
MGASA-2020-0184
OPENSUSE-SU-2020:0543-1
OPENSUSE-SU-2020_0543-1
SUSE-SU-2020:1084-1
SUSE-SU-2020:1085-1
SUSE-SU-2020:1087-1
SUSE-SU-2020:1118-1
SUSE-SU-2020:1119-1
SUSE-SU-2020:1123-1
SUSE-SU-2020:1141-1
SUSE-SU-2020:1142-1
SUSE-SU-2020:1146-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:1275-1
SUSE-SU-2020:1663-1
SUSE-SU-2020_1663-1
USN-4363-1
USN-4364-1
USN-4368-1
USN-4369-1

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu