CVE-2020-36777

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn` before setting it to NULL, as documented in include/media/media-device.h: "The media_entity instance itself must be freed explicitly by the driver if required."

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/06854b943e0571ccbd7ad0a529babed1a98ff275	Patch
https://git.kernel.org/stable/c/32168ca1f123316848fffb85d059860adf3c409f	Patch
https://git.kernel.org/stable/c/43263fd43083e412311fa764cd04a727b0c6a749	Patch
https://git.kernel.org/stable/c/9185b3b1c143b8da409c19ac5a785aa18d67a81b	Patch
https://git.kernel.org/stable/c/9ad15e214fcd73694ea51967d86055f47b802066	Patch
https://git.kernel.org/stable/c/bf9a40ae8d722f281a2721779595d6df1c33a0bf	Patch
https://git.kernel.org/stable/c/cd89f79be5d553c78202f686e8e4caa5fbe94e98	Patch
https://git.kernel.org/stable/c/cede24d13be6c2a62be6d7ceea63c2719b0cfa82	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

10 Apr 2024, 19:32

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: dvbdev: corrige la pérdida de memoria en dvb_media_device_free() dvb_media_device_free() está perdiendo memoria. Libere `dvbdev->adapter->conn` antes de configurarlo en NULL, como se documenta en include/media/media-device.h: "La instancia media_entity debe ser liberada explícitamente por el controlador si es necesario".
CWE		CWE-401
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/06854b943e0571ccbd7ad0a529babed1a98ff275 -~~	() https://git.kernel.org/stable/c/06854b943e0571ccbd7ad0a529babed1a98ff275 - Patch
References	~~() https://git.kernel.org/stable/c/32168ca1f123316848fffb85d059860adf3c409f -~~	() https://git.kernel.org/stable/c/32168ca1f123316848fffb85d059860adf3c409f - Patch
References	~~() https://git.kernel.org/stable/c/43263fd43083e412311fa764cd04a727b0c6a749 -~~	() https://git.kernel.org/stable/c/43263fd43083e412311fa764cd04a727b0c6a749 - Patch
References	~~() https://git.kernel.org/stable/c/9185b3b1c143b8da409c19ac5a785aa18d67a81b -~~	() https://git.kernel.org/stable/c/9185b3b1c143b8da409c19ac5a785aa18d67a81b - Patch
References	~~() https://git.kernel.org/stable/c/9ad15e214fcd73694ea51967d86055f47b802066 -~~	() https://git.kernel.org/stable/c/9ad15e214fcd73694ea51967d86055f47b802066 - Patch
References	~~() https://git.kernel.org/stable/c/bf9a40ae8d722f281a2721779595d6df1c33a0bf -~~	() https://git.kernel.org/stable/c/bf9a40ae8d722f281a2721779595d6df1c33a0bf - Patch
References	~~() https://git.kernel.org/stable/c/cd89f79be5d553c78202f686e8e4caa5fbe94e98 -~~	() https://git.kernel.org/stable/c/cd89f79be5d553c78202f686e8e4caa5fbe94e98 - Patch
References	~~() https://git.kernel.org/stable/c/cede24d13be6c2a62be6d7ceea63c2719b0cfa82 -~~	() https://git.kernel.org/stable/c/cede24d13be6c2a62be6d7ceea63c2719b0cfa82 - Patch
CPE		cpe:2.3:o:linux:linux_kernel::::::::

27 Feb 2024, 19:04

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-27 19:04

Updated : 2024-04-10 19:32

NVD link : CVE-2020-36777

Mitre link : CVE-2020-36777

CVE.ORG link : CVE-2020-36777

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10