CVE-2020-36784

Summary

In the Linux kernel, the following vulnerability has been resolved:

i2c: cadence: fix reference leak when pm_runtime_get_sync fails

The PM reference count is not expected to be incremented on return in functions cdns_i2c_master_xfer and cdns_reg_slave.

However, pm_runtime_get_sync will increment pm usage counter even failed. Forgetting to putting operation will result in a reference leak here.

Replace it with pm_runtime_resume_and_get to keep usage counter balanced.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7fa32329ca03148fb2c07b4ef3247b8fc0488d6a < 30410519328c94367e561fd878e5f0d3a0303585affected
LinuxLinux7fa32329ca03148fb2c07b4ef3247b8fc0488d6a < d57ff04e0ed6f3be1682ae861ead33f879225e07affected
LinuxLinux7fa32329ca03148fb2c07b4ef3247b8fc0488d6a < a45fc41beed8e0fe31864619c34aa00797fb60c1affected
LinuxLinux7fa32329ca03148fb2c07b4ef3247b8fc0488d6a < 23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6affected
LinuxLinux4.5affected
LinuxLinux0 < 4.5unaffected
LinuxLinux5.10.37 <= 5.10.*unaffected
LinuxLinux5.11.21 <= 5.11.*unaffected
LinuxLinux5.12.4 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References