Bug 1826030 (CVE-2020-11494)

Summary: CVE-2020-11494 kernel: transmission of uninitialized data allows attackers to read sensitive information
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: acaringi, airlied, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mcressma, mjg59, mlangsdo, nmurray, qzhao, rkeshri, rt-maint, rvrbovsk, steved, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was discovered in slc_bump in drivers/net/can/slcan.c in CAN Communication Protocol. It allows a local attacker with special user privilege (or root) to read sensitive kernel stack information (considering CONFIG_INIT_STACK_ALL is not enabled) when a partially initialized data structure is exposed over the network layer.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-15 11:29:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1826031, 1829738, 1829739, 1829740    
Bug Blocks: 1826032    

Description Guilherme de Almeida Suckevicz 2020-04-20 17:43:24 UTC 
A flaw was discovered in slc_bump in drivers/net/can/slcan.c in CAN Communication Protocol. It allows a local attacker with special user privilege (or root)  to read sensitive kernel stack information (considering CONFIG_INIT_STACK_ALL is not enabled) when a partially initialized kernel data structure is exposed over the network layer.

Reference and upstream commit:
https://github.com/torvalds/linux/commit/b9258a2cece4ec1f020715fe3554bc2e360f6264
Comment 1 Guilherme de Almeida Suckevicz 2020-04-20 17:44:12 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1826031]
Comment 2 Justin M. Forbes 2020-04-20 18:05:51 UTC 
This was fixed for Fedora with the 5.5.17 stable kernel updates.
Comment 7 Rohit Keshri 2020-04-30 09:00:37 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.