A flaw was discovered in slc_bump in drivers/net/can/slcan.c in CAN Communication Protocol. It allows a local attacker with special user privilege (or root) to read sensitive kernel stack information (considering CONFIG_INIT_STACK_ALL is not enabled) when a partially initialized kernel data structure is exposed over the network layer.
Reference and upstream commit:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1826031]
This was fixed for Fedora with the 5.5.17 stable kernel updates.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.