{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2020-36786", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-26T17:07:27.435Z", "datePublished": "2024-02-28T08:13:06.648Z", "dateUpdated": "2024-12-19T07:25:33.025Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:25:33.025Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: [next] staging: media: atomisp: fix memory leak of object flash\n\nIn the case where the call to lm3554_platform_data_func returns an\nerror there is a memory leak on the error return path of object\nflash. Fix this by adding an error return path that will free\nflash and rename labels fail2 to fail3 and fail1 to fail2."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/staging/media/atomisp/i2c/atomisp-lm3554.c"], "versions": [{"version": "9289cdf399922a1bd801a8cd946a79581c00a380", "lessThan": "cc4cc2fb5aaf9adb83c02211eb13b16cfcb7ba64", "status": "affected", "versionType": "git"}, {"version": "9289cdf399922a1bd801a8cd946a79581c00a380", "lessThan": "4f0f37d03cde8f4341df8454f9b40a67fda94a33", "status": "affected", "versionType": "git"}, {"version": "9289cdf399922a1bd801a8cd946a79581c00a380", "lessThan": "27d2eab69f7da8e94e4751ac5c6d22d809275484", "status": "affected", "versionType": "git"}, {"version": "9289cdf399922a1bd801a8cd946a79581c00a380", "lessThan": "6045b01dd0e3cd3759eafe7f290ed04c957500b1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/staging/media/atomisp/i2c/atomisp-lm3554.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.37", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.21", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.4", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/cc4cc2fb5aaf9adb83c02211eb13b16cfcb7ba64"}, {"url": "https://git.kernel.org/stable/c/4f0f37d03cde8f4341df8454f9b40a67fda94a33"}, {"url": "https://git.kernel.org/stable/c/27d2eab69f7da8e94e4751ac5c6d22d809275484"}, {"url": "https://git.kernel.org/stable/c/6045b01dd0e3cd3759eafe7f290ed04c957500b1"}], "title": "media: [next] staging: media: atomisp: fix memory leak of object flash", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.375Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cc4cc2fb5aaf9adb83c02211eb13b16cfcb7ba64", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4f0f37d03cde8f4341df8454f9b40a67fda94a33", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/27d2eab69f7da8e94e4751ac5c6d22d809275484", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6045b01dd0e3cd3759eafe7f290ed04c957500b1", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-36786", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:01:18.066926Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:42.015Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cc4cc2fb5aaf9adb83c02211eb13b16cfcb7ba64", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4f0f37d03cde8f4341df8454f9b40a67fda94a33", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/27d2eab69f7da8e94e4751ac5c6d22d809275484", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6045b01dd0e3cd3759eafe7f290ed04c957500b1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.375Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-36786", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:01:18.066926Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:18.229Z"}}], "cna": {"title": "media: [next] staging: media: atomisp: fix memory leak of object flash", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "9289cdf399922a1bd801a8cd946a79581c00a380", "lessThan": "cc4cc2fb5aaf9adb83c02211eb13b16cfcb7ba64", "versionType": "git"}, {"status": "affected", "version": "9289cdf399922a1bd801a8cd946a79581c00a380", "lessThan": "4f0f37d03cde8f4341df8454f9b40a67fda94a33", "versionType": "git"}, {"status": "affected", "version": "9289cdf399922a1bd801a8cd946a79581c00a380", "lessThan": "27d2eab69f7da8e94e4751ac5c6d22d809275484", "versionType": "git"}, {"status": "affected", "version": "9289cdf399922a1bd801a8cd946a79581c00a380", "lessThan": "6045b01dd0e3cd3759eafe7f290ed04c957500b1", "versionType": "git"}], "programFiles": ["drivers/staging/media/atomisp/i2c/atomisp-lm3554.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.37", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.21", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.4", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/staging/media/atomisp/i2c/atomisp-lm3554.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/cc4cc2fb5aaf9adb83c02211eb13b16cfcb7ba64"}, {"url": "https://git.kernel.org/stable/c/4f0f37d03cde8f4341df8454f9b40a67fda94a33"}, {"url": "https://git.kernel.org/stable/c/27d2eab69f7da8e94e4751ac5c6d22d809275484"}, {"url": "https://git.kernel.org/stable/c/6045b01dd0e3cd3759eafe7f290ed04c957500b1"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: [next] staging: media: atomisp: fix memory leak of object flash\n\nIn the case where the call to lm3554_platform_data_func returns an\nerror there is a memory leak on the error return path of object\nflash. Fix this by adding an error return path that will free\nflash and rename labels fail2 to fail3 and fail1 to fail2."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:25:33.025Z"}}}, "cveMetadata": {"cveId": "CVE-2020-36786", "state": "PUBLISHED", "dateUpdated": "2024-12-19T07:25:33.025Z", "dateReserved": "2024-02-26T17:07:27.435Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-28T08:13:06.648Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E433B72-3E3A-435E-9A66-80D28868BDF2", "versionEndExcluding": "5.10.37", "versionStartIncluding": "5.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0", "versionEndExcluding": "5.11.21", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838", "versionEndExcluding": "5.12.4", "versionStartIncluding": "5.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: [next] staging: media: atomisp: fix memory leak of object flash\n\nIn the case where the call to lm3554_platform_data_func returns an\nerror there is a memory leak on the error return path of object\nflash. Fix this by adding an error return path that will free\nflash and rename labels fail2 to fail3 and fail1 to fail2."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: [siguiente] staging: media: atomisp: corrige la p\u00e9rdida de memoria del flash del objeto En el caso de que la llamada a lm3554_platform_data_func devuelva un error, hay una p\u00e9rdida de memoria en la ruta de retorno del error del destello del objeto. Solucione este problema agregando una ruta de retorno de error que liberar\u00e1 el flash y cambiar\u00e1 el nombre de las etiquetas de falla2 a falla3 y de falla1 a falla2."}], "id": "CVE-2020-36786", "lastModified": "2024-12-06T15:59:30.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-28T09:15:36.980", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/27d2eab69f7da8e94e4751ac5c6d22d809275484"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4f0f37d03cde8f4341df8454f9b40a67fda94a33"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6045b01dd0e3cd3759eafe7f290ed04c957500b1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cc4cc2fb5aaf9adb83c02211eb13b16cfcb7ba64"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/27d2eab69f7da8e94e4751ac5c6d22d809275484"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4f0f37d03cde8f4341df8454f9b40a67fda94a33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6045b01dd0e3cd3759eafe7f290ed04c957500b1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cc4cc2fb5aaf9adb83c02211eb13b16cfcb7ba64"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: media: [next] staging: media: atomisp: fix memory leak of object flash", "id": "2266956", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266956"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: [next] staging: media: atomisp: fix memory leak of object flash\nIn the case where the call to lm3554_platform_data_func returns an\nerror there is a memory leak on the error return path of object\nflash. Fix this by adding an error return path that will free\nflash and rename labels fail2 to fail3 and fail1 to fail2."], "name": "CVE-2020-36786", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-36786\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36786\nhttps://lore.kernel.org/linux-cve-announce/2024022821-CVE-2020-36786-fa2b@gregkh/T/#u"], "threat_severity": "Low"}