CVE-2020-36779

low-risk
Published 2024-02-28

In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in these stm32f7_i2c_xx serious functions. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Linux

References (8)

Patch https://git.kernel.org/stable/c/2c662660ce2bd3b09dae21a9a9ac9395e1e6c00b
Patch https://git.kernel.org/stable/c/c323b270a52a26aa8038a4d1fd9a850904a41166
Patch https://git.kernel.org/stable/c/c7ea772c9fcf711ed566814b92eecaffc0e2bfd0
Patch https://git.kernel.org/stable/c/d791b90f5c5e5aa8ccf9e33386c16bd2b7e333a4
Patch https://git.kernel.org/stable/c/2c662660ce2bd3b09dae21a9a9ac9395e1e6c00b
Patch https://git.kernel.org/stable/c/c323b270a52a26aa8038a4d1fd9a850904a41166
Patch https://git.kernel.org/stable/c/c7ea772c9fcf711ed566814b92eecaffc0e2bfd0
Patch https://git.kernel.org/stable/c/d791b90f5c5e5aa8ccf9e33386c16bd2b7e333a4
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal