#VU88216 Memory leak in Linux kernel - CVE-2020-36784


Vulnerability identifier: #VU88216

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36784

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due a reference leak in drivers/i2c/busses/i2c-cadence.c. A local user can perform a denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/30410519328c94367e561fd878e5f0d3a0303585
https://git.kernel.org/stable/c/d57ff04e0ed6f3be1682ae861ead33f879225e07
https://git.kernel.org/stable/c/a45fc41beed8e0fe31864619c34aa00797fb60c1
https://git.kernel.org/stable/c/23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell Data Protection Central
Multiple vulnerabilities in Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR)
Multiple vulnerabilities in Dell Cloud Tiering Appliance
Multiple vulnerabilities in Dell Secure Connect Gateway
openEuler 20.03 LTS SP4 update for kernel
openEuler 20.03 LTS SP1 update for kernel
Local denial of service in Linux kernel i2c driver