Bugzilla – Bug 1220555
VUL-0: CVE-2020-36778: kernel: i2c: xiic: reference leak in xiic_xfer() and xiic_i2c_remove() when pm_runtime_get_sync fails()
Last modified: 2024-02-28 12:28:28 UTC
In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in xiic_xfer and xiic_i2c_remove. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36778 https://www.cve.org/CVERecord?id=CVE-2020-36778 https://git.kernel.org/stable/c/a42ac16e6573f19c78f556ea292f5b534fcc4514 https://git.kernel.org/stable/c/a85c5c7a3aa8041777ff691400b4046e56149fd3 https://git.kernel.org/stable/c/c977426db644ba476938125597947979e8aba725 https://git.kernel.org/stable/c/e2ba996577eaea423694dc69ae43d56f1410a22b
We have 10b17004a74c ("i2c: xiic: Fix the clocking across bind unbind") in cve/linux-5.14, SLE15-SP6, stable and master, all of which have the fix. Closing.