CVE-2020-36783 : In the Linux kernel, the following vulnerability has been resolved: i2c: img-sc

In the Linux kernel, the following vulnerability has been resolved: i2c: img-scb: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in functions img_i2c_xfer and img_i2c_init. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.

Published 2024-02-28 09:15:37

Updated 2024-12-06 17:37:44

Source Linux

View at NVD, CVE.org

Products affected by CVE-2020-36783

Linux » Linux Kernel
Versions from including (>=) 4.15 and before (<) 5.4.119
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.37
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.11.21
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.12 and before (<) 5.12.4
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-36783

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-36783

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2024-12-06
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2020-36783

https://git.kernel.org/stable/c/4734c4b1d9573c9d20bbc46cf37dde095ee011b8

i2c: img-scb: fix reference leak when pm_runtime_get_sync fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/e80ae8bde41266d3b8bf012460b6593851766006

i2c: img-scb: fix reference leak when pm_runtime_get_sync fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/7ee35cde1e810ad6ca589980b9ec2b7b62946a5b

i2c: img-scb: fix reference leak when pm_runtime_get_sync fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/96c4a03658d661666c360959aa80cdabfe2972ed

i2c: img-scb: fix reference leak when pm_runtime_get_sync fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/223125e37af8a641ea4a09747a6a52172fc4b903

i2c: img-scb: fix reference leak when pm_runtime_get_sync fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2020-36783

Products affected by CVE-2020-36783

Exploit prediction scoring system (EPSS) score for CVE-2020-36783

CVSS scores for CVE-2020-36783

References for CVE-2020-36783