CVE-2020-36777: media: dvbdev: Fix memory leak in dvb_media_device_free()
In the Linux kernel, the following vulnerability has been resolved:
media: dvbdev: Fix memory leak in dvbmediadevicefree()
dvbmediadevicefree() is leaking memory. Free dvbdev->adapter->conn before setting it to NULL, as documented in include/media/media-device.h: "The mediaentity instance itself must be freed explicitly by the driver if required."
Other sources
In the Linux kernel, the following vulnerability has been resolved:
media: dvbdev: Fix memory leak in dvbmediadevicefree()
The Linux kernel CVE team has assigned CVE-2020-36777 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/20240227184057.2368370-2-gregkh@linuxfoundation.org/T/#u
— Red Hat
Linux Kernel s vulnerable to a denial of service, caused by a memory leak flaw in the dvbmediadevicefree() function. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
— IBM
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2020-36777?
CVE-2020-36777 has a severity rating that indicates it could lead to memory leaks in the Linux kernel.
How do I fix CVE-2020-36777?
To fix CVE-2020-36777, upgrade to kernel versions 4.9.269, 4.14.233, 4.19.191, 5.4.118, 5.10.36, 5.11.20, 5.12.3, or 5.13.
Which software is affected by CVE-2020-36777?
CVE-2020-36777 affects various versions of the Linux kernel prior to the specified remedies.
Is there a patch available for CVE-2020-36777?
Yes, patches for CVE-2020-36777 are included in the remedial kernel versions mentioned.
What components are involved in CVE-2020-36777?
CVE-2020-36777 involves the media subsystem in the Linux kernel, specifically relating to memory management.