CVE-2020-36784 - Vulnerability Details

- i2c: cadence: fix reference leak when pm_runtime_get_sync fails

Description

In the Linux kernel, the following vulnerability has been resolved:

i2c: cadence: fix reference leak when pm_runtime_get_sync fails

The PM reference count is not expected to be incremented on
return in functions cdns_i2c_master_xfer and cdns_reg_slave.

However, pm_runtime_get_sync will increment pm usage counter
even failed. Forgetting to putting operation will result in a
reference leak here.

Replace it with pm_runtime_resume_and_get to keep usage
counter balanced.

Published: 2024-02-28

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`7fa32329ca03148fb2c07b4ef3247b8fc0488d6a`	affected	< 30410519328c94367e561fd878e5f0d3a0303585
`7fa32329ca03148fb2c07b4ef3247b8fc0488d6a`	affected	< d57ff04e0ed6f3be1682ae861ead33f879225e07
`7fa32329ca03148fb2c07b4ef3247b8fc0488d6a`	affected	< a45fc41beed8e0fe31864619c34aa00797fb60c1
`7fa32329ca03148fb2c07b4ef3247b8fc0488d6a`	affected	< 23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6

Linux

affected

Version	Status	Constraints
`4.5`	affected	—
`0`	unaffected	< 4.5
`5.10.37`	unaffected	≤ 5.10.*
`5.11.21`	unaffected	≤ 5.11.*
`5.12.4`	unaffected	≤ 5.12.*
`5.13`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://git.kernel.org/stable/c/23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6
https://git.kernel.org/stable/c/30410519328c94367e561fd878e5f0d3a0303585
https://git.kernel.org/stable/c/a45fc41beed8e0fe31864619c34aa00797fb60c1
https://git.kernel.org/stable/c/d57ff04e0ed6f3be1682ae861ead33f879225e07
https://lore.kernel.org/linux-cve-announce/2024022821-CVE-2020-36784-a266@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2020-36784
https://www.cve.org/CVERecord?id=CVE-2020-36784

History

Fri, 06 Dec 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Tue, 05 Nov 2024 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-28T08:13:05.418Z

Updated: 2026-05-11T13:42:50.017Z

Reserved: 2024-02-26T17:07:27.435Z

Link: CVE-2020-36784

Vulnrichment

Updated: 2024-08-04T17:37:07.220Z

NVD

Status : Analyzed

Published: 2024-02-28T09:15:36.883

Modified: 2024-12-06T17:37:59.973

Link: CVE-2020-36784

Redhat

Severity : Low

Publid Date: 2024-02-28T00:00:00Z

Links: CVE-2020-36784 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object