Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in functions cdns_i2c_master_xfer and cdns_reg_slave. However, pm_runtime_get_sync will increment pm usage counter even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.5, < 5.10.37 |
References
- https://git.kernel.org/stable/c/23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6Patch
- https://git.kernel.org/stable/c/30410519328c94367e561fd878e5f0d3a0303585Patch
- https://git.kernel.org/stable/c/a45fc41beed8e0fe31864619c34aa00797fb60c1Patch
- https://git.kernel.org/stable/c/d57ff04e0ed6f3be1682ae861ead33f879225e07Patch
- https://git.kernel.org/stable/c/23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6Patch
- https://git.kernel.org/stable/c/30410519328c94367e561fd878e5f0d3a0303585Patch
- https://git.kernel.org/stable/c/a45fc41beed8e0fe31864619c34aa00797fb60c1Patch
- https://git.kernel.org/stable/c/d57ff04e0ed6f3be1682ae861ead33f879225e07Patch
FAQ
What is CVE-2020-36784?
CVE-2020-36784 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return...
How severe is CVE-2020-36784?
CVE-2020-36784 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36784?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.