CVE-2020-11494
PUBLISHED
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
EPSS 0.08% · 23.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | linux-raspi2 | 0, 4.15.0-1017.18, 4.15.0-1022.24 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-201.252, 3.13.0-157.207, 3.13.0-155.205 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-aws-fips | 4.15.0-2000.4, 0 |
| Ubuntu:Pro:14.04:LTS | linux-azure | 4.15.0-1060.65~14.04.1, 4.15.0-1061.66~14.04.1, 4.15.0-1063.68~14.04.1 |
| Ubuntu:18.04:LTS | linux-azure-edge | 4.18.0-1006.6~18.04.1, 4.18.0-1008.8~18.04.1, 4.18.0-1007.7~18.04.1 |
| Ubuntu:18.04:LTS | linux-azure-4.15 | 0, 4.15.0-1082.92 |
| Ubuntu:16.04:LTS | linux-raspi2 | 4.4.0-1034.41, 4.4.0-1010.12, 4.4.0-1051.58 |
| Ubuntu:Pro:14.04:LTS | linux-lts-xenial | *, 0, * |
| Ubuntu:18.04:LTS | linux-kvm | 4.15.0-1051.51, 4.15.0-1052.52, 4.15.0-1042.42 |
| Ubuntu:18.04:LTS | linux-hwe | *, *, * |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.3.0-1017.19, 5.4.0-1006.6, 5.3.0-1007.8 |
| Ubuntu:18.04:LTS | linux-gke-5.0 | 5.0.0-1035.36, 5.0.0-1030.31, * |
| Ubuntu:Pro:14.04:LTS | linux-aws | 4.4.0-1028.31, 4.4.0-1027.30, 4.4.0-1025.26 |
| Ubuntu:18.04:LTS | linux-gke-4.15 | 4.15.0-1057.60, 4.15.0-1046.49, 4.15.0-1058.61 |
| Ubuntu:18.04:LTS | linux-raspi2-5.3 | *, 5.3.0-1023.25~18.04.1, * |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-aws-fips | 0, 4.15.0-2000.4 |
| Ubuntu:18.04:LTS | linux-azure | 4.18.0-1014.14~18.04.1, 5.0.0-1036.38, 4.15.0-1008.8 |
| Ubuntu:18.04:LTS | linux-aws | 4.15.0-1044.46, 0, 4.15.0-1040.42 |
| Ubuntu:20.04:LTS | linux-azure-fde | 5.4.0-1063.66+cvm2.2, 5.4.0-1065.68+cvm2.1, 0 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
…and 36 more
Timeline
- Apr 2, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-11494 third-party-advisory
- https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/ third-party-advisory
- https://github.com/torvalds/linux/commit/b9258a2cece4ec1f020715fe3554bc2e360f6264 third-party-advisory
- https://github.com/richiejp/ltp/blob/pty-slcan/testcases/kernel/pty/pty04.c third-party-advisory
- https://ubuntu.com/security/notices/USN-4363-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4364-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4369-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4368-1 vendor-advisory
- https://usn.ubuntu.com/lsn/0067-1/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-11494 third-party-advisory