vulnerability
Oracle Linux: CVE-2020-11494: ELSA-2020-5663: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:L/Au:M/C:C/I:N/A:N) | 2020-04-01 | 2020-05-07 | 2025-01-23 |
Severity
4
CVSS
(AV:L/AC:L/Au:M/C:C/I:N/A:N)
Published
2020-04-01
Added
2020-05-07
Modified
2025-01-23
Description
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
A flaw was discovered in slc_bump in drivers/net/can/slcan.c in CAN Communication Protocol. It allows a local attacker with special user privilege (or root) to read sensitive kernel stack information (considering CONFIG_INIT_STACK_ALL is not enabled) when a partially initialized data structure is exposed over the network layer.
A flaw was discovered in slc_bump in drivers/net/can/slcan.c in CAN Communication Protocol. It allows a local attacker with special user privilege (or root) to read sensitive kernel stack information (considering CONFIG_INIT_STACK_ALL is not enabled) when a partially initialized data structure is exposed over the network layer.
Solution
oracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.