Headline
CVE-2020-11494: slcan: Don't transmit uninitialized stack data in padding · torvalds/linux@b9258a2
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
Permalink
Browse files
slcan: Don’t transmit uninitialized stack data in padding
struct can_frame contains some padding which is not explicitly zeroed in slc_bump. This uninitialized data will then be transmitted if the stack initialization hardening feature is not enabled (CONFIG_INIT_STACK_ALL).
This commit just zeroes the whole struct including the padding.
Signed-off-by: Richard Palethorpe [email protected] Fixes: a1044e3 (“can: add slcan driver for serial/USB-serial CAN adapters”) Reviewed-by: Kees Cook [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Acked-by: Marc Kleine-Budde [email protected] Signed-off-by: David S. Miller [email protected]
- Loading branch information
Showing with 1 addition and 3 deletions.
- +1 −3 drivers/net/can/slcan.c