linux is vulnerable to information disclosure. The vulnerability exists through a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c
driver.
lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
www.openwall.com/lists/oss-security/2019/12/03/4
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.9
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ead16e53c2f0ed946d82d4037c630e2f60f4ab69
lists.debian.org/debian-lts-announce/2020/01/msg00013.html
lists.debian.org/debian-lts-announce/2020/03/msg00001.html