CVE-2020-36782 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in lpi2c_imx_master_enable. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/278e5bbdb9a94fa063c0f9bcde2479d0b8042462
https://git.kernel.org/stable/c/815859cb1d2302e74f11bf6894bceace9ca9eb4a
https://git.kernel.org/stable/c/b100650d80cd2292f6c152f5f2943b5944b3e8ce
https://git.kernel.org/stable/c/bb300acc867e937edc2a6898e92b21f88e4e4e66
https://git.kernel.org/stable/c/cc49d206414240483bb93ffa3d80243e6a776916
https://lore.kernel.org/linux-cve-announce/2024022820-CVE-2020-36782-e7d8@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2020-36782
https://www.cve.org/CVERecord?id=CVE-2020-36782

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-28T08:13:04.110Z

Updated: 2024-11-04T11:49:37.411Z

Reserved: 2024-02-26T17:07:27.435Z

Link: CVE-2020-36782

Vulnrichment

Updated: 2024-08-04T17:37:07.089Z

NVD

Status : Awaiting Analysis

Published: 2024-02-28T09:15:36.777

Modified: 2024-02-28T14:06:45.783

Link: CVE-2020-36782

Redhat

Severity : Low

Publid Date: 2024-02-28T00:00:00Z

Links: CVE-2020-36782 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2020-36782", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-26T17:07:27.435Z", "datePublished": "2024-02-28T08:13:04.110Z", "dateUpdated": "2024-11-04T11:49:37.411Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:49:37.411Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails\n\nThe PM reference count is not expected to be incremented on\nreturn in lpi2c_imx_master_enable.\n\nHowever, pm_runtime_get_sync will increment the PM reference\ncount even failed. Forgetting to putting operation will result\nin a reference leak here.\n\nReplace it with pm_runtime_resume_and_get to keep usage\ncounter balanced."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/i2c/busses/i2c-imx-lpi2c.c"], "versions": [{"version": "13d6eb20fc79", "lessThan": "815859cb1d23", "status": "affected", "versionType": "git"}, {"version": "13d6eb20fc79", "lessThan": "cc49d2064142", "status": "affected", "versionType": "git"}, {"version": "13d6eb20fc79", "lessThan": "bb300acc867e", "status": "affected", "versionType": "git"}, {"version": "13d6eb20fc79", "lessThan": "b100650d80cd", "status": "affected", "versionType": "git"}, {"version": "13d6eb20fc79", "lessThan": "278e5bbdb9a9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/i2c/busses/i2c-imx-lpi2c.c"], "versions": [{"version": "4.16", "status": "affected"}, {"version": "0", "lessThan": "4.16", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.119", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.37", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.21", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.4", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/815859cb1d2302e74f11bf6894bceace9ca9eb4a"}, {"url": "https://git.kernel.org/stable/c/cc49d206414240483bb93ffa3d80243e6a776916"}, {"url": "https://git.kernel.org/stable/c/bb300acc867e937edc2a6898e92b21f88e4e4e66"}, {"url": "https://git.kernel.org/stable/c/b100650d80cd2292f6c152f5f2943b5944b3e8ce"}, {"url": "https://git.kernel.org/stable/c/278e5bbdb9a94fa063c0f9bcde2479d0b8042462"}], "title": "i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-36782", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T20:38:48.650662Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:12:27.144Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.089Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/815859cb1d2302e74f11bf6894bceace9ca9eb4a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cc49d206414240483bb93ffa3d80243e6a776916", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bb300acc867e937edc2a6898e92b21f88e4e4e66", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b100650d80cd2292f6c152f5f2943b5944b3e8ce", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/278e5bbdb9a94fa063c0f9bcde2479d0b8042462", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/815859cb1d2302e74f11bf6894bceace9ca9eb4a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cc49d206414240483bb93ffa3d80243e6a776916", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bb300acc867e937edc2a6898e92b21f88e4e4e66", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b100650d80cd2292f6c152f5f2943b5944b3e8ce", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/278e5bbdb9a94fa063c0f9bcde2479d0b8042462", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.089Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-36782", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T20:38:48.650662Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:13.847Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "13d6eb20fc79", "lessThan": "815859cb1d23", "versionType": "git"}, {"status": "affected", "version": "13d6eb20fc79", "lessThan": "cc49d2064142", "versionType": "git"}, {"status": "affected", "version": "13d6eb20fc79", "lessThan": "bb300acc867e", "versionType": "git"}, {"status": "affected", "version": "13d6eb20fc79", "lessThan": "b100650d80cd", "versionType": "git"}, {"status": "affected", "version": "13d6eb20fc79", "lessThan": "278e5bbdb9a9", "versionType": "git"}], "programFiles": ["drivers/i2c/busses/i2c-imx-lpi2c.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.16"}, {"status": "unaffected", "version": "0", "lessThan": "4.16", "versionType": "custom"}, {"status": "unaffected", "version": "5.4.119", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.37", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.21", "versionType": "custom", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.4", "versionType": "custom", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/i2c/busses/i2c-imx-lpi2c.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/815859cb1d2302e74f11bf6894bceace9ca9eb4a"}, {"url": "https://git.kernel.org/stable/c/cc49d206414240483bb93ffa3d80243e6a776916"}, {"url": "https://git.kernel.org/stable/c/bb300acc867e937edc2a6898e92b21f88e4e4e66"}, {"url": "https://git.kernel.org/stable/c/b100650d80cd2292f6c152f5f2943b5944b3e8ce"}, {"url": "https://git.kernel.org/stable/c/278e5bbdb9a94fa063c0f9bcde2479d0b8042462"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails\n\nThe PM reference count is not expected to be incremented on\nreturn in lpi2c_imx_master_enable.\n\nHowever, pm_runtime_get_sync will increment the PM reference\ncount even failed. Forgetting to putting operation will result\nin a reference leak here.\n\nReplace it with pm_runtime_resume_and_get to keep usage\ncounter balanced."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T04:58:27.487Z"}}}, "cveMetadata": {"cveId": "CVE-2020-36782", "state": "PUBLISHED", "dateUpdated": "2024-08-04T17:37:07.089Z", "dateReserved": "2024-02-26T17:07:27.435Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-28T08:13:04.110Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails", "id": "2266948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266948"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ni2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails\nThe PM reference count is not expected to be incremented on\nreturn in lpi2c_imx_master_enable.\nHowever, pm_runtime_get_sync will increment the PM reference\ncount even failed. Forgetting to putting operation will result\nin a reference leak here.\nReplace it with pm_runtime_resume_and_get to keep usage\ncounter balanced."], "name": "CVE-2020-36782", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-36782\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36782\nhttps://lore.kernel.org/linux-cve-announce/2024022820-CVE-2020-36782-e7d8@gregkh/T/#u"], "threat_severity": "Low", "upstream_fix": "kernel 5.4.119, kernel 5.10.37, kernel 5.11.21, kernel 5.12.4, kernel 5.13"}