vulnerability
Oracle Linux: CVE-2020-11494: ELSA-2020-5663: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Apr 1, 2020 | May 7, 2020 | Dec 3, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
Apr 1, 2020
Added
May 7, 2020
Modified
Dec 3, 2025
Description
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
A flaw was discovered in slc_bump in drivers/net/can/slcan.c in CAN Communication Protocol. It allows a local attacker with special user privilege (or root) to read sensitive kernel stack information (considering CONFIG_INIT_STACK_ALL is not enabled) when a partially initialized data structure is exposed over the network layer.
A flaw was discovered in slc_bump in drivers/net/can/slcan.c in CAN Communication Protocol. It allows a local attacker with special user privilege (or root) to read sensitive kernel stack information (considering CONFIG_INIT_STACK_ALL is not enabled) when a partially initialized data structure is exposed over the network layer.
Solution
oracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.