A flaw was found in the Linux kernel's implementation of the Peak CANBUS USB device driver. An information leak caused by the device could allow a local attacker to possibly gain private information from uninitialized kernel memory.

Upstream Patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30a8beeb3042f49d0537b7050fd21b490166a3d9

References:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.9
http://www.openwall.com/lists/oss-security/2019/12/03/4
http://seclists.org/oss-sec/2019/q4/115
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1783548]
This was fixed for Fedora with the 5.2.9 stable kernel update.
This flaw is rated as moderate; it's an information leak that only happens once at device creation time, and access methods of the information are quite difficult.