{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2020-36776","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-26T17:07:27.434Z","datePublished":"2024-02-27T18:40:25.615Z","dateUpdated":"2025-05-04T12:40:32.375Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:40:32.375Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/cpufreq_cooling: Fix slab OOB issue\n\nSlab OOB issue is scanned by KASAN in cpu_power_to_freq().\nIf power is limited below the power of OPP0 in EM table,\nit will cause slab out-of-bound issue with negative array\nindex.\n\nReturn the lowest frequency if limited power cannot found\na suitable OPP in EM table to fix this issue.\n\nBacktrace:\n[<ffffffd02d2a37f0>] die+0x104/0x5ac\n[<ffffffd02d2a5630>] bug_handler+0x64/0xd0\n[<ffffffd02d288ce4>] brk_handler+0x160/0x258\n[<ffffffd02d281e5c>] do_debug_exception+0x248/0x3f0\n[<ffffffd02d284488>] el1_dbg+0x14/0xbc\n[<ffffffd02d75d1d4>] __kasan_report+0x1dc/0x1e0\n[<ffffffd02d75c2e0>] kasan_report+0x10/0x20\n[<ffffffd02d75def8>] __asan_report_load8_noabort+0x18/0x28\n[<ffffffd02e6fce5c>] cpufreq_power2state+0x180/0x43c\n[<ffffffd02e6ead80>] power_actor_set_power+0x114/0x1d4\n[<ffffffd02e6fac24>] allocate_power+0xaec/0xde0\n[<ffffffd02e6f9f80>] power_allocator_throttle+0x3ec/0x5a4\n[<ffffffd02e6ea888>] handle_thermal_trip+0x160/0x294\n[<ffffffd02e6edd08>] thermal_zone_device_check+0xe4/0x154\n[<ffffffd02d351cb4>] process_one_work+0x5e4/0xe28\n[<ffffffd02d352f44>] worker_thread+0xa4c/0xfac\n[<ffffffd02d360124>] kthread+0x33c/0x358\n[<ffffffd02d289940>] ret_from_fork+0xc/0x18"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/thermal/cpufreq_cooling.c"],"versions":[{"version":"371a3bc79c11b707d7a1b7a2c938dc3cc042fffb","lessThan":"c24a20912eef00587416628149c438e885eb1304","status":"affected","versionType":"git"},{"version":"371a3bc79c11b707d7a1b7a2c938dc3cc042fffb","lessThan":"876a5f33e5d961d879c5436987c09b3d9ef70379","status":"affected","versionType":"git"},{"version":"371a3bc79c11b707d7a1b7a2c938dc3cc042fffb","lessThan":"6bf443acf6ca4f666d0e4225614ba9993a3aa1a9","status":"affected","versionType":"git"},{"version":"371a3bc79c11b707d7a1b7a2c938dc3cc042fffb","lessThan":"34ab17cc6c2c1ac93d7e5d53bb972df9a968f085","status":"affected","versionType":"git"},{"version":"39e0651cac9c80865b2838f297f95ffc0f34a1d8","status":"affected","versionType":"git"},{"version":"febe56f21371ba1e51e8586c3ddf8f54fc62fe61","status":"affected","versionType":"git"},{"version":"d3b7bacd1115400b94482dfc7efffc175c29b831","status":"affected","versionType":"git"},{"version":"9006b543384ab10902819364c1205f11a1458571","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/thermal/cpufreq_cooling.c"],"versions":[{"version":"5.8","status":"affected"},{"version":"0","lessThan":"5.8","status":"unaffected","versionType":"semver"},{"version":"5.10.36","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.11.20","lessThanOrEqual":"5.11.*","status":"unaffected","versionType":"semver"},{"version":"5.12.3","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.10.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.11.20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.12.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.189"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.134"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c24a20912eef00587416628149c438e885eb1304"},{"url":"https://git.kernel.org/stable/c/876a5f33e5d961d879c5436987c09b3d9ef70379"},{"url":"https://git.kernel.org/stable/c/6bf443acf6ca4f666d0e4225614ba9993a3aa1a9"},{"url":"https://git.kernel.org/stable/c/34ab17cc6c2c1ac93d7e5d53bb972df9a968f085"}],"title":"thermal/drivers/cpufreq_cooling: Fix slab OOB issue","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T17:37:07.187Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/c24a20912eef00587416628149c438e885eb1304","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/876a5f33e5d961d879c5436987c09b3d9ef70379","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6bf443acf6ca4f666d0e4225614ba9993a3aa1a9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/34ab17cc6c2c1ac93d7e5d53bb972df9a968f085","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2020-36776","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:01:54.528476Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:56.075Z"}}]}}