A use-after-free flaw was found in slcan_write_wakeup in drivers/net/can/slcan.c in serial CAN module slcan. A race condition (when a communicate with can using slcan) between write (Schedule the transmit) and closing (flushing out any pending queues) the SLCAN channel. A local attacker with special user (or root) privilege can cause a denial of service (DoS) . This vulnerability could even lead to a kernel information leak threat. A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c. Upstream Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ace17d56824165c7f4c68785d6b58971db954dd
Mitigation: Mitigation for this issue is to skip loading the affected module 'slcan' and 'slip' onto the system until a fix is available. Using a blacklist mechanism will ensure the driver is not loaded at boot time and requires specific hardware (CANbus hardware), which is not in use on the system. ~~~ How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278
The "slcan" module is shipped by Red Hat from RHEL 7.3 onwards. The "slcan" module can not be loaded on RHEL 7.2 and prior version. "slcan" Utilities are missing in the lower version than 7.3. source for drivers/net/can/slcan.c or configuration CONFIG_CAN_SLCAN was not seen. Can we say that RHEL 5 and 6 are unaffected by this flaw?