Linux Kernel up to 5.10.35/5.11.19/5.12/5.12.2 cpufreq_cooling cpu_power_to_freq out-of-bounds

Summaryinfo

A vulnerability described as problematic has been identified in Linux Kernel up to 5.10.35/5.11.19/5.12/5.12.2. Affected is the function cpu_power_to_freq of the component cpufreq_cooling. Such manipulation leads to out-of-bounds. This vulnerability is traded as CVE-2020-36776. There is no exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in Linux Kernel up to 5.10.35/5.11.19/5.12/5.12.2 (Operating System). It has been rated as problematic. Affected by this issue is the function cpu_power_to_freq of the component cpufreq_cooling. The manipulation with an unknown input leads to a out-of-bounds vulnerability. Using CWE to declare the problem leads to CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. Impacted is confidentiality. CVE summarizes:

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/cpufreq_cooling: Fix slab OOB issue Slab OOB issue is scanned by KASAN in cpu_power_to_freq(). If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index. Return the lowest frequency if limited power cannot found a suitable OPP in EM table to fix this issue. Backtrace: [] die+0x104/0x5ac [] bug_handler+0x64/0xd0 [] brk_handler+0x160/0x258 [] do_debug_exception+0x248/0x3f0 [] el1_dbg+0x14/0xbc [] __kasan_report+0x1dc/0x1e0 [] kasan_report+0x10/0x20 [] __asan_report_load8_noabort+0x18/0x28 [] cpufreq_power2state+0x180/0x43c [] power_actor_set_power+0x114/0x1d4 [] allocate_power+0xaec/0xde0 [] power_allocator_throttle+0x3ec/0x5a4 [] handle_thermal_trip+0x160/0x294 [] thermal_zone_device_check+0xe4/0x154 [] process_one_work+0x5e4/0xe28 [] worker_thread+0xa4c/0xfac [] kthread+0x33c/0x358 [] ret_from_fork+0xc/0x18

The weakness was shared 02/27/2024. The advisory is shared for download at git.kernel.org. This vulnerability is handled as CVE-2020-36776 since 02/26/2024. There are known technical details, but no exploit is available.

Upgrading to version 5.10.36, 5.11.20, 5.12.3 or 5.13 eliminates this vulnerability. Applying the patch c24a20912eef/876a5f33e5d9/6bf443acf6ca/34ab17cc6c2c is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 5.0
• 5.1
• 5.2
• 5.3
• 5.4
• 5.5
• 5.6
• 5.7
• 5.8
• 5.9
• 5.10
• 5.10.0
• 5.10.1
• 5.10.2
• 5.10.3
• 5.10.4
• 5.10.5
• 5.10.6
• 5.10.7
• 5.10.8
• 5.10.9
• 5.10.10
• 5.10.11
• 5.10.12
• 5.10.13
• 5.10.14
• 5.10.15
• 5.10.16
• 5.10.17
• 5.10.18
• 5.10.19
• 5.10.20
• 5.10.21
• 5.10.22
• 5.10.23
• 5.10.24
• 5.10.25
• 5.10.26
• 5.10.27
• 5.10.28
• 5.10.29
• 5.10.30
• 5.10.31
• 5.10.32
• 5.10.33
• 5.10.34
• 5.10.35
• 5.11
• 5.11.0
• 5.11.1
• 5.11.2
• 5.11.3
• 5.11.4
• 5.11.5
• 5.11.6
• 5.11.7
• 5.11.8
• 5.11.9
• 5.11.10
• 5.11.11
• 5.11.12
• 5.11.13
• 5.11.14
• 5.11.15
• 5.11.16
• 5.11.17
• 5.11.18
• 5.11.19
• 5.12
• 5.12.0
• 5.12.1
• 5.12.2

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion