CVE-2020-36777 - Vulnerability Details

- media: dvbdev: Fix memory leak in dvb_media_device_free()

Description

In the Linux kernel, the following vulnerability has been resolved:

media: dvbdev: Fix memory leak in dvb_media_device_free()

dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn`
before setting it to NULL, as documented in include/media/media-device.h:
"The media_entity instance itself must be freed explicitly by the driver
if required."

Published: 2024-02-27

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`0230d60e4661d9ced6fb0b9a30f182ebdafbba7a`	affected	< 06854b943e0571ccbd7ad0a529babed1a98ff275
`0230d60e4661d9ced6fb0b9a30f182ebdafbba7a`	affected	< 32168ca1f123316848fffb85d059860adf3c409f
`0230d60e4661d9ced6fb0b9a30f182ebdafbba7a`	affected	< cd89f79be5d553c78202f686e8e4caa5fbe94e98
`0230d60e4661d9ced6fb0b9a30f182ebdafbba7a`	affected	< 9185b3b1c143b8da409c19ac5a785aa18d67a81b
`0230d60e4661d9ced6fb0b9a30f182ebdafbba7a`	affected	< 43263fd43083e412311fa764cd04a727b0c6a749
`0230d60e4661d9ced6fb0b9a30f182ebdafbba7a`	affected	< 9ad15e214fcd73694ea51967d86055f47b802066
`0230d60e4661d9ced6fb0b9a30f182ebdafbba7a`	affected	< cede24d13be6c2a62be6d7ceea63c2719b0cfa82
`0230d60e4661d9ced6fb0b9a30f182ebdafbba7a`	affected	< bf9a40ae8d722f281a2721779595d6df1c33a0bf

Linux

affected

Version	Status	Constraints
`4.5`	affected	—
`0`	unaffected	< 4.5
`4.9.269`	unaffected	≤ 4.9.*
`4.14.233`	unaffected	≤ 4.14.*
`4.19.191`	unaffected	≤ 4.19.*
`5.4.118`	unaffected	≤ 5.4.*
`5.10.36`	unaffected	≤ 5.10.*
`5.11.20`	unaffected	≤ 5.11.*
`5.12.3`	unaffected	≤ 5.12.*
`5.13`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:3627	2024-06-05T00:00:00Z
kernel-0:4.18.0-553.5.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:3618	2024-06-05T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00012.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://git.kernel.org/stable/c/06854b943e0571ccbd7ad0a529babed1a98ff275
https://git.kernel.org/stable/c/32168ca1f123316848fffb85d059860adf3c409f
https://git.kernel.org/stable/c/43263fd43083e412311fa764cd04a727b0c6a749
https://git.kernel.org/stable/c/9185b3b1c143b8da409c19ac5a785aa18d67a81b
https://git.kernel.org/stable/c/9ad15e214fcd73694ea51967d86055f47b802066
https://git.kernel.org/stable/c/bf9a40ae8d722f281a2721779595d6df1c33a0bf
https://git.kernel.org/stable/c/cd89f79be5d553c78202f686e8e4caa5fbe94e98
https://git.kernel.org/stable/c/cede24d13be6c2a62be6d7ceea63c2719b0cfa82
https://lore.kernel.org/linux-cve-announce/20240227184057.2368370-2-gregkh@linuxfoundation.org/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2020-36777
https://www.cve.org/CVERecord?id=CVE-2020-36777

History

Fri, 20 Dec 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Linux Linux Kernel

Redhat Enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-27T18:40:26.245Z

Updated: 2025-05-04T06:58:44.805Z

Reserved: 2024-02-26T17:07:27.434Z

Link: CVE-2020-36777

Vulnrichment

Updated: 2024-08-04T17:37:07.001Z

NVD

Status : Modified

Published: 2024-02-27T19:04:05.760

Modified: 2024-11-21T05:30:17.220

Link: CVE-2020-36777

Redhat

Severity : Low

Publid Date: 2024-02-27T00:00:00Z

Links: CVE-2020-36777 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-401

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object