Linux Kernel could allow an attacker to obtain sensitive information, caused by a flaw in the BPF protection against speculative execution attacks. By executing a specially-crafted BPF program, an attacker could exploit this vulnerability to obtain contents of arbitrary kernel memory information, and use this information to launch further attacks against the affected system.
Linux Kernel could allow an authenticated attacker to gain elevated privileges on the system, caused by a race condition in net/can/bcm.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root.
Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information.