VDB
CVE-2020-36784
CVE-2020-36784
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in functions cdns_i2c_master_xfer and cdns_reg_slave. However, pm_runtime_get_sync will increment pm usage counter even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
EPSS 0.02% · 3.4th percentile
Risk Scores
EPSS Score
0.02%
3.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-gcp-fips | 4.15.0-2087.93, 4.15.0-2076.81, 4.15.0-2075.80 |
| Ubuntu:18.04:LTS | linux-aws-5.0 | 5.0.0-1027.30, 5.0.0-1025.28, 5.0.0-1024.27~18.04.1 |
| Ubuntu:22.04:LTS | linux-azure-6.2 | 6.2.0-1009.9~22.04.3, 6.2.0-1011.11~22.04.1, 0 |
| Ubuntu:Pro:20.04:LTS | linux-azure | 5.4.0-1135.142, 5.4.0-1136.143, 5.4.0-1137.144 |
| Ubuntu:Pro:18.04:LTS | linux-gcp-4.15 | 4.15.0-1120.134, 4.15.0-1094.107, 4.15.0-1092.105 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-aws-fips | 4.15.0-2087.93, 4.15.0-2078.83, 4.15.0-2079.84 |
| Ubuntu:18.04:LTS | linux-azure-5.3 | *, *, * |
| Ubuntu:Pro:14.04:LTS | linux-azure | *, *, * |
| Ubuntu:18.04:LTS | linux-hwe | 5.3.0-46.38~18.04.1, 5.3.0-42.34~18.04.1, 5.3.0-28.30~18.04.1 |
| Ubuntu:Pro:FIPS:20.04:LTS | linux-gcp-fips | 0, 5.4.0-1021.21+fips1 |
| Ubuntu:18.04:LTS | linux-gke-5.4 | 5.4.0-1030.32~18.04.1, *, * |
| Ubuntu:18.04:LTS | linux-azure-edge | 4.18.0-1008.8~18.04.1, *, 4.18.0-1007.7~18.04.1 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1013.16, 4.15.0-1015.18, 4.15.0-1017.20 |
| Ubuntu:22.04:LTS | linux-riscv | 5.15.0-1006.6, 5.15.0-1007.7, 5.15.0-1008.8 |
| Ubuntu:22.04:LTS | linux-aws-5.19 | 5.19.0-1028.29~22.04.1, 5.19.0-1029.30~22.04.1, * |
| Ubuntu:22.04:LTS | linux-azure-5.19 | *, *, * |
| Ubuntu:20.04:LTS | linux-aws-5.8 | 5.8.0-1035.37~20.04.1, *, 5.8.0-1042.44~20.04.1 |
| Ubuntu:18.04:LTS | linux-azure | 4.15.0-1021.21, 4.15.0-1019.19, 4.15.0-1018.18 |
| Ubuntu:Pro:18.04:LTS | linux-raspi-5.4 | *, 5.4.0-1086.97~18.04.1, 5.4.0-1089.100~18.04.1 |
| Ubuntu:22.04:LTS | linux-azure-fde-5.19 | 5.19.0-1027.30~22.04.2.1, 5.19.0-1026.29~22.04.1.1, 0 |
…and 94 more
Exploit Intelligence
- CIRCL seen: CVE-2020-36784 (circl-sighting)
- CIRCL seen: CVE-2020-36784 (circl-sighting)
- https://git.kernel.org/stable/c/30410519328c94367e561fd878e5f0d3a0303585 (circl)
- https://git.kernel.org/stable/c/d57ff04e0ed6f3be1682ae861ead33f879225e07 (circl)
- https://git.kernel.org/stable/c/a45fc41beed8e0fe31864619c34aa00797fb60c1 (circl)
- https://git.kernel.org/stable/c/23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6 (circl)
Timeline
- Feb 28, 2024 CVE Published
- Feb 29, 2024 EPSS Score
- Feb 29, 2024 PoC Published
- Mar 27, 2024 EPSS Score
- Apr 22, 2024 EPSS Score
- May 19, 2024 EPSS Score
- Jun 14, 2024 EPSS Score
- Jul 11, 2024 EPSS Score
- Aug 7, 2024 EPSS Score
- Sep 2, 2024 EPSS Score
- Sep 29, 2024 EPSS Score
- Oct 25, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36784 third-party-advisory
- https://git.kernel.org/linus/23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6 third-party-advisory
- https://git.kernel.org/stable/c/30410519328c94367e561fd878e5f0d3a0303585 third-party-advisory
- https://git.kernel.org/stable/c/d57ff04e0ed6f3be1682ae861ead33f879225e07 third-party-advisory
- https://git.kernel.org/stable/c/a45fc41beed8e0fe31864619c34aa00797fb60c1 third-party-advisory
- https://git.kernel.org/stable/c/23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36784 third-party-advisory