CVE-2020-36777 is a memory leak in the Linux kernel's `dvb_media_device_free()` function. The function sets `dvbdev->adapter->conn` to NULL without first freeing the object it points to, so the allocation is leaked. The requirement to free it is documented in the `include/media/media-device.h` file, which states that the media entity instance must be explicitly freed by the driver if required.

The vulnerability was introduced in kernel version 4.5 with commit 0230d60e4661 and has been fixed in multiple subsequent kernel versions, including 4.9.269, 4.14.233, 4.19.191, 5.4.118, 5.10.36, 5.11.20, 5.12.3, and 5.13.

The affected file is `drivers/media/dvb-core/dvbdev.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version, which fixes this issue along with other bugs. If updating to the latest release is not possible, individual changes can be cherry-picked from the commits listed in the mitigation section.

In summary, this vulnerability is a memory leak in the `dvb_media_device_free()` function that was introduced in kernel version 4.5 and has been fixed in multiple subsequent kernel versions. It affects the `drivers/media/dvb-core/dvbdev.c` file and can be mitigated by updating to the latest stable kernel version or by cherry-picking individual fixes from the listed commits.
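The pattern described above, clearing the pointer without freeing the object behind it, can be reproduced in a small userspace model. This is an added example, not kernel code or the upstream patch; `model_adapter`, `model_entity`, the counting allocator and both teardown functions are hypothetical stand-ins for `dvbdev->adapter` and its `conn` member.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every name here is a hypothetical stand-in,
 * not kernel code. live_allocs counts allocations not yet freed. */
static int live_allocs;

static void *model_alloc(size_t n) {
    void *p = calloc(1, n);
    if (p) live_allocs++;
    return p;
}
static void model_free(void *p) { if (p) { live_allocs--; free(p); } }

struct model_entity  { int id; };
struct model_adapter { struct model_entity *conn; };  /* plays dvbdev->adapter */

/* Leaky teardown: the only pointer to the object is overwritten with NULL. */
static void teardown_leaky(struct model_adapter *a) {
    a->conn = NULL;
}

/* Corrected teardown: free the object first, then clear the pointer. */
static void teardown_fixed(struct model_adapter *a) {
    if (a->conn) {
        model_free(a->conn);
        a->conn = NULL;
    }
}

/* Run n create/teardown cycles; return how many allocations were never freed. */
int leaked_after(int n, void (*teardown)(struct model_adapter *)) {
    struct model_adapter a = { NULL };
    live_allocs = 0;
    for (int i = 0; i < n; i++) {
        a.conn = model_alloc(sizeof(*a.conn));
        if (!a.conn) break;
        a.conn->id = i;
        teardown(&a);
    }
    return live_allocs;
}

int main(void) {
    printf("leaky: %d leaked, fixed: %d leaked\n",
           leaked_after(100, teardown_leaky), leaked_after(100, teardown_fixed));
    return 0;
}
```

Each teardown through the leaky path strands one allocation, so the loss grows with the number of create/free cycles rather than occurring once.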