CVE-2020-36776

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-36776
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36776.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-36776
Related
Published
2024-02-27T19:04:05Z
Modified
2024-11-21T05:30:17Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

thermal/drivers/cpufreq_cooling: Fix slab OOB issue

Slab OOB issue is scanned by KASAN in cpu_power_to_freq(). If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index.

Return the lowest frequency if limited power cannot find a suitable OPP in EM table to fix this issue.

Backtrace:
[<ffffffd02d2a37f0>] die+0x104/0x5ac
[<ffffffd02d2a5630>] bug_handler+0x64/0xd0
[<ffffffd02d288ce4>] brk_handler+0x160/0x258
[<ffffffd02d281e5c>] do_debug_exception+0x248/0x3f0
[<ffffffd02d284488>] el1_dbg+0x14/0xbc
[<ffffffd02d75d1d4>] __kasan_report+0x1dc/0x1e0
[<ffffffd02d75c2e0>] kasan_report+0x10/0x20
[<ffffffd02d75def8>] __asan_report_load8_noabort+0x18/0x28
[<ffffffd02e6fce5c>] cpufreq_power2state+0x180/0x43c
[<ffffffd02e6ead80>] power_actor_set_power+0x114/0x1d4
[<ffffffd02e6fac24>] allocate_power+0xaec/0xde0
[<ffffffd02e6f9f80>] power_allocator_throttle+0x3ec/0x5a4
[<ffffffd02e6ea888>] handle_thermal_trip+0x160/0x294
[<ffffffd02e6edd08>] thermal_zone_device_check+0xe4/0x154
[<ffffffd02d351cb4>] process_one_work+0x5e4/0xe28
[<ffffffd02d352f44>] worker_thread+0xa4c/0xfac
[<ffffffd02d360124>] kthread+0x33c/0x358
[<ffffffd02d289940>] ret_from_fork+0xc/0x18

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.38-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.38-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.38-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}