Headline
CVE-2020-11494: slcan: Don't transmit uninitialized stack data in padding · torvalds/linux@b9258a2
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
Permalink
Browse files
slcan: Don’t transmit uninitialized stack data in padding
struct can_frame contains some padding which is not explicitly zeroed in slc_bump. This uninitialized data will then be transmitted if the stack initialization hardening feature is not enabled (CONFIG_INIT_STACK_ALL).
This commit just zeroes the whole struct including the padding.
Signed-off-by: Richard Palethorpe rpalethorpe@suse.com Fixes: a1044e3 (“can: add slcan driver for serial/USB-serial CAN adapters”) Reviewed-by: Kees Cook keescook@chromium.org Cc: linux-can@vger.kernel.org Cc: netdev@vger.kernel.org Cc: security@kernel.org Cc: wg@grandegger.com Cc: mkl@pengutronix.de Cc: davem@davemloft.net Acked-by: Marc Kleine-Budde mkl@pengutronix.de Signed-off-by: David S. Miller davem@davemloft.net
- Loading branch information
Showing with 1 addition and 3 deletions.
- +1 −3 drivers/net/can/slcan.c