CVE-2020-36784 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

i2c: cadence: fix reference leak when pm_runtime_get_sync fails

The PM reference count is not expected to be incremented on
return in functions cdns_i2c_master_xfer and cdns_reg_slave.

However, pm_runtime_get_sync will increment pm usage counter
even failed. Forgetting to putting operation will result in a
reference leak here.

Replace it with pm_runtime_resume_and_get to keep usage
counter balanced.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6
https://git.kernel.org/stable/c/30410519328c94367e561fd878e5f0d3a0303585
https://git.kernel.org/stable/c/a45fc41beed8e0fe31864619c34aa00797fb60c1
https://git.kernel.org/stable/c/d57ff04e0ed6f3be1682ae861ead33f879225e07
https://lore.kernel.org/linux-cve-announce/2024022821-CVE-2020-36784-a266@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2020-36784
https://www.cve.org/CVERecord?id=CVE-2020-36784

History

Fri, 06 Dec 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Tue, 05 Nov 2024 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-28T08:13:05.418Z

Updated: 2025-05-04T06:58:52.728Z

Reserved: 2024-02-26T17:07:27.435Z

Link: CVE-2020-36784

Vulnrichment

Updated: 2024-08-04T17:37:07.220Z

NVD

Status : Analyzed

Published: 2024-02-28T09:15:36.883

Modified: 2024-12-06T17:37:59.973

Link: CVE-2020-36784

Redhat

Severity : Low

Publid Date: 2024-02-28T00:00:00Z

Links: CVE-2020-36784 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object