CVE-2020-36776

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/cpufreq_cooling: Fix slab OOB issue Slab OOB issue is scanned by KASAN in cpu_power_to_freq(). If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index. Return the lowest frequency if limited power cannot found a suitable OPP in EM table to fix this issue. Backtrace: [<ffffffd02d2a37f0>] die+0x104/0x5ac [<ffffffd02d2a5630>] bug_handler+0x64/0xd0 [<ffffffd02d288ce4>] brk_handler+0x160/0x258 [<ffffffd02d281e5c>] do_debug_exception+0x248/0x3f0 [<ffffffd02d284488>] el1_dbg+0x14/0xbc [<ffffffd02d75d1d4>] __kasan_report+0x1dc/0x1e0 [<ffffffd02d75c2e0>] kasan_report+0x10/0x20 [<ffffffd02d75def8>] __asan_report_load8_noabort+0x18/0x28 [<ffffffd02e6fce5c>] cpufreq_power2state+0x180/0x43c [<ffffffd02e6ead80>] power_actor_set_power+0x114/0x1d4 [<ffffffd02e6fac24>] allocate_power+0xaec/0xde0 [<ffffffd02e6f9f80>] power_allocator_throttle+0x3ec/0x5a4 [<ffffffd02e6ea888>] handle_thermal_trip+0x160/0x294 [<ffffffd02e6edd08>] thermal_zone_device_check+0xe4/0x154 [<ffffffd02d351cb4>] process_one_work+0x5e4/0xe28 [<ffffffd02d352f44>] worker_thread+0xa4c/0xfac [<ffffffd02d360124>] kthread+0x33c/0x358 [<ffffffd02d289940>] ret_from_fork+0xc/0x18

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/34ab17cc6c2c1ac93d7e5d53bb972df9a968f085	Patch
https://git.kernel.org/stable/c/6bf443acf6ca4f666d0e4225614ba9993a3aa1a9	Patch
https://git.kernel.org/stable/c/876a5f33e5d961d879c5436987c09b3d9ef70379	Patch
https://git.kernel.org/stable/c/c24a20912eef00587416628149c438e885eb1304	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-02-27 19:04

Updated : 2024-04-10 19:34

NVD link : CVE-2020-36776

Mitre link : CVE-2020-36776

CVE.ORG link : CVE-2020-36776

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-129

Improper Validation of Array Index

{"id": "CVE-2020-36776", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-02-27T19:04:05.693", "references": [{"url": "https://git.kernel.org/stable/c/34ab17cc6c2c1ac93d7e5d53bb972df9a968f085", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6bf443acf6ca4f666d0e4225614ba9993a3aa1a9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/876a5f33e5d961d879c5436987c09b3d9ef70379", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c24a20912eef00587416628149c438e885eb1304", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-129"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/cpufreq_cooling: Fix slab OOB issue\n\nSlab OOB issue is scanned by KASAN in cpu_power_to_freq().\nIf power is limited below the power of OPP0 in EM table,\nit will cause slab out-of-bound issue with negative array\nindex.\n\nReturn the lowest frequency if limited power cannot found\na suitable OPP in EM table to fix this issue.\n\nBacktrace:\n[<ffffffd02d2a37f0>] die+0x104/0x5ac\n[<ffffffd02d2a5630>] bug_handler+0x64/0xd0\n[<ffffffd02d288ce4>] brk_handler+0x160/0x258\n[<ffffffd02d281e5c>] do_debug_exception+0x248/0x3f0\n[<ffffffd02d284488>] el1_dbg+0x14/0xbc\n[<ffffffd02d75d1d4>] __kasan_report+0x1dc/0x1e0\n[<ffffffd02d75c2e0>] kasan_report+0x10/0x20\n[<ffffffd02d75def8>] __asan_report_load8_noabort+0x18/0x28\n[<ffffffd02e6fce5c>] cpufreq_power2state+0x180/0x43c\n[<ffffffd02e6ead80>] power_actor_set_power+0x114/0x1d4\n[<ffffffd02e6fac24>] allocate_power+0xaec/0xde0\n[<ffffffd02e6f9f80>] power_allocator_throttle+0x3ec/0x5a4\n[<ffffffd02e6ea888>] handle_thermal_trip+0x160/0x294\n[<ffffffd02e6edd08>] thermal_zone_device_check+0xe4/0x154\n[<ffffffd02d351cb4>] process_one_work+0x5e4/0xe28\n[<ffffffd02d352f44>] worker_thread+0xa4c/0xfac\n[<ffffffd02d360124>] kthread+0x33c/0x358\n[<ffffffd02d289940>] ret_from_fork+0xc/0x18"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Thermal/drivers/cpufreq_cooling: solucionar el problema de Slab OOB El problema de Slab OOB es escaneado por KASAN en cpu_power_to_freq(). Si la potencia se limita por debajo de la potencia de OPP0 en la tabla EM, provocar\u00e1 un problema de losa fuera de los l\u00edmites con un \u00edndice de matriz negativo. Devuelve la frecuencia m\u00e1s baja si la potencia limitada no puede encontrar un OPP adecuado en la tabla EM para solucionar este problema. Seguimiento inverso: [] die+0x104/0x5ac [] bug_handler+0x64/0xd0 [] brk_handler+0x160/0x258 [] do_debug_exception+0x 248/0x3f0 [] el1_dbg+0x14 /0xbc [] __kasan_report+0x1dc/0x1e0 [] kasan_report+0x10/0x20 [] __asan_report_load8_noabort+0x18/0x28 [] cpufreq_power2state+0x180/0x43c [] power_actor_set_power+0x114 /0x1d4 [] allocate_power+0xaec/0xde0 [] power_allocator_throttle+0x3ec/0x5a4 [] handle_thermal_trip+0x160/0x294 [] t\u00e9rmico _zone_device_check+0xe4/0x154 [] proceso_one_work+0x5e4 /0xe28 [] work_thread+0xa4c/0xfac [] kthread+0x33c/0x358 [] ret_from_fork+0xc/0x18"}], "lastModified": "2024-04-10T19:34:31.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B760ADC-7139-4E69-BD9F-4944140A9E34", "versionEndExcluding": "5.10.36", "versionStartIncluding": "5.8.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFB425F0-C28C-4B44-8B4C-AD512AA832DE", "versionEndExcluding": "5.11.20", "versionStartIncluding": "5.11.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3814FA3-8141-4313-A852-8C4212BE12AD", "versionEndExcluding": "5.12.3", "versionStartIncluding": "5.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}