CVE-2020-36779 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails

The PM reference count is not expected to be incremented on
return in these stm32f7_i2c_xx serious functions.

However, pm_runtime_get_sync will increment the PM reference
count even failed. Forgetting to putting operation will result
in a reference leak here.

Replace it with pm_runtime_resume_and_get to keep usage
counter balanced.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00035.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/2c662660ce2bd3b09dae21a9a9ac9395e1e6c00b
https://git.kernel.org/stable/c/c323b270a52a26aa8038a4d1fd9a850904a41166
https://git.kernel.org/stable/c/c7ea772c9fcf711ed566814b92eecaffc0e2bfd0
https://git.kernel.org/stable/c/d791b90f5c5e5aa8ccf9e33386c16bd2b7e333a4
https://lore.kernel.org/linux-cve-announce/2024022819-CVE-2020-36779-9f1e@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2020-36779
https://www.cve.org/CVERecord?id=CVE-2020-36779

History

Fri, 20 Dec 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Dec 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-28T08:13:02.220Z

Updated: 2025-05-04T06:58:47.065Z

Reserved: 2024-02-26T17:07:27.434Z

Link: CVE-2020-36779

Vulnrichment

Updated: 2024-08-04T17:37:07.416Z

NVD

Status : Analyzed

Published: 2024-02-28T09:15:36.617

Modified: 2024-12-06T16:14:26.157

Link: CVE-2020-36779

Redhat

Severity : Low

Publid Date: 2024-02-28T00:00:00Z

Links: CVE-2020-36779 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object