CVE-2020-36776

Source
https://cve.org/CVERecord?id=CVE-2020-36776
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36776.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-36776
Downstream
Published
2024-02-27T19:04:05.693Z
Modified
2026-03-13T00:41:27.172911Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

thermal/drivers/cpufreq_cooling: Fix slab OOB issue

Slab OOB issue is scanned by KASAN in cpu_power_to_freq(). If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index.

Return the lowest frequency if limited power cannot find a suitable OPP in EM table to fix this issue.

Backtrace:
[<ffffffd02d2a37f0>] die+0x104/0x5ac
[<ffffffd02d2a5630>] bug_handler+0x64/0xd0
[<ffffffd02d288ce4>] brk_handler+0x160/0x258
[<ffffffd02d281e5c>] do_debug_exception+0x248/0x3f0
[<ffffffd02d284488>] el1_dbg+0x14/0xbc
[<ffffffd02d75d1d4>] __kasan_report+0x1dc/0x1e0
[<ffffffd02d75c2e0>] kasan_report+0x10/0x20
[<ffffffd02d75def8>] __asan_report_load8_noabort+0x18/0x28
[<ffffffd02e6fce5c>] cpufreq_power2state+0x180/0x43c
[<ffffffd02e6ead80>] power_actor_set_power+0x114/0x1d4
[<ffffffd02e6fac24>] allocate_power+0xaec/0xde0
[<ffffffd02e6f9f80>] power_allocator_throttle+0x3ec/0x5a4
[<ffffffd02e6ea888>] handle_thermal_trip+0x160/0x294
[<ffffffd02e6edd08>] thermal_zone_device_check+0xe4/0x154
[<ffffffd02d351cb4>] process_one_work+0x5e4/0xe28
[<ffffffd02d352f44>] worker_thread+0xa4c/0xfac
[<ffffffd02d360124>] kthread+0x33c/0x358
[<ffffffd02d289940>] ret_from_fork+0xc/0x18
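The failure mode described above, as an added userspace model (not the kernel source and not part of the original record): a downward walk over a power-sorted table that can end at index -1, next to a bounded walk that falls back to the lowest entry. The table values, the `struct opp` layout, the function names and the exact loop shape are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed energy-model table, ascending by power (index 0 = OPP0). */
struct opp { unsigned int freq_khz; unsigned int power_mw; };
static const struct opp em_table[] = {
    { 500000, 100 }, { 1000000, 250 }, { 1500000, 480 }, { 2000000, 900 },
};
#define MAX_LEVEL ((int)(sizeof(em_table) / sizeof(em_table[0])) - 1)

/* Unbounded walk: if no entry fits the budget, the loop exits with i == -1.
 * The index is returned rather than dereferenced so the model stays safe. */
static int pick_index_unbounded(unsigned int power_mw)
{
    int i;
    for (i = MAX_LEVEL; i >= 0; i--)
        if (power_mw >= em_table[i].power_mw)
            break;
    return i; /* -1 when power_mw is below OPP0's power */
}

/* Bounded walk: never steps below index 0, so OPP0 is the fallback. */
static int pick_index_bounded(unsigned int power_mw)
{
    int i;
    for (i = MAX_LEVEL; i > 0; i--)
        if (power_mw >= em_table[i].power_mw)
            break;
    return i;
}

/* Lookup built on the bounded walk: always indexes inside the table. */
static unsigned int power_to_freq(unsigned int power_mw)
{
    return em_table[pick_index_bounded(power_mw)].freq_khz;
}

int main(void)
{
    unsigned int budgets[] = { 1000, 480, 300, 100, 50 }; /* constructed */
    for (size_t n = 0; n < sizeof(budgets) / sizeof(budgets[0]); n++)
        printf("budget=%4u mW unbounded_idx=%2d bounded_idx=%d freq=%u kHz\n",
               budgets[n], pick_index_unbounded(budgets[n]),
               pick_index_bounded(budgets[n]), power_to_freq(budgets[n]));
    return 0;
}
```

Only the last budget (below OPP0's power) separates the two walks; every other input yields the same index from both.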

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "5.8.0"
            },
            {
                "fixed": "5.10.36"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.11.0"
            },
            {
                "fixed": "5.11.20"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.12.0"
            },
            {
                "fixed": "5.12.3"
            }
        ]
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36776.json"