CVE-2020-36776
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/cpufreq_cooling: Fix slab OOB issue
Slab OOB issue is scanned by KASAN in cpu_power_to_freq(). If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index.
Return the lowest frequency if limited power cannot found a suitable OPP in EM table to fix this issue.
Backtrace: [<ffffffd02d2a37f0>] die+0x104/0x5ac [<ffffffd02d2a5630>] bug_handler+0x64/0xd0 [<ffffffd02d288ce4>] brk_handler+0x160/0x258 [<ffffffd02d281e5c>] do_debug_exception+0x248/0x3f0 [<ffffffd02d284488>] el1_dbg+0x14/0xbc [<ffffffd02d75d1d4>] __kasan_report+0x1dc/0x1e0 [<ffffffd02d75c2e0>] kasan_report+0x10/0x20 [<ffffffd02d75def8>] __asan_report_load8_noabort+0x18/0x28 [<ffffffd02e6fce5c>] cpufreq_power2state+0x180/0x43c [<ffffffd02e6ead80>] power_actor_set_power+0x114/0x1d4 [<ffffffd02e6fac24>] allocate_power+0xaec/0xde0 [<ffffffd02e6f9f80>] power_allocator_throttle+0x3ec/0x5a4 [<ffffffd02e6ea888>] handle_thermal_trip+0x160/0x294 [<ffffffd02e6edd08>] thermal_zone_device_check+0xe4/0x154 [<ffffffd02d351cb4>] process_one_work+0x5e4/0xe28 [<ffffffd02d352f44>] worker_thread+0xa4c/0xfac [<ffffffd02d360124>] kthread+0x33c/0x358 [<ffffffd02d289940>] ret_from_fork+0xc/0x18
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb < c24a20912eef00587416628149c438e885eb1304 | affected |
| Linux | Linux | 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb < 876a5f33e5d961d879c5436987c09b3d9ef70379 | affected |
| Linux | Linux | 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb < 6bf443acf6ca4f666d0e4225614ba9993a3aa1a9 | affected |
| Linux | Linux | 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb < 34ab17cc6c2c1ac93d7e5d53bb972df9a968f085 | affected |
| Linux | Linux | 39e0651cac9c80865b2838f297f95ffc0f34a1d8 | affected |
| Linux | Linux | febe56f21371ba1e51e8586c3ddf8f54fc62fe61 | affected |
| Linux | Linux | d3b7bacd1115400b94482dfc7efffc175c29b831 | affected |
| Linux | Linux | 9006b543384ab10902819364c1205f11a1458571 | affected |
| Linux | Linux | 4.14.189 < 4.15 | affected |
| Linux | Linux | 4.19.134 < 4.20 | affected |
| Linux | Linux | 5.4.53 < 5.5 | affected |
| Linux | Linux | 5.7.8 < 5.8 | affected |
| Linux | Linux | 5.8 | affected |
| Linux | Linux | 0 < 5.8 | unaffected |
| Linux | Linux | 5.10.36 <= 5.10.* | unaffected |
| Linux | Linux | 5.11.20 <= 5.11.* | unaffected |
| Linux | Linux | 5.12.3 <= 5.12.* | unaffected |
| Linux | Linux | 5.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/c24a20912eef00587416628149c438e885eb1304
- https://git.kernel.org/stable/c/876a5f33e5d961d879c5436987c09b3d9ef70379
- https://git.kernel.org/stable/c/6bf443acf6ca4f666d0e4225614ba9993a3aa1a9
- https://git.kernel.org/stable/c/34ab17cc6c2c1ac93d7e5d53bb972df9a968f085
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/c24a20912eef00587416628149c438e885eb1304
- https://git.kernel.org/stable/c/876a5f33e5d961d879c5436987c09b3d9ef70379
- https://git.kernel.org/stable/c/6bf443acf6ca4f666d0e4225614ba9993a3aa1a9
- https://git.kernel.org/stable/c/34ab17cc6c2c1ac93d7e5d53bb972df9a968f085
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.