An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
The product uses or accesses a resource that has not been initialized.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 3.16 (including) | 5.6.2 (including) |