| The vulnerability, identified as CVE-2020-36782, occurs in the Linux kernel's i2c-imx-lpi2c driver. Specifically, it affects the `lpi2c_imx_master_enable` function, which is responsible for enabling the I2C master controller on IMX SoCs (System-on-Chip). The issue arises when `pm_runtime_get_sync` fails, causing a reference leak. |
| |
| When `pm_runtime_get_sync` returns an error, it increments the power management (PM) reference count. However, in this case, the function forgets to decrement the PM reference count, leading to a reference leak. This is because `pm_runtime_get_sync` increments the PM reference count even when it fails. |
| |
| To fix this issue, the kernel developers replaced `pm_runtime_get_sync` with `pm_runtime_resume_and_get`, which ensures that the usage counter remains balanced. This change prevents the reference leak and resolves the vulnerability. |
| |
| The affected files are limited to `drivers/i2c/busses/i2c-imx-lpi2c.c`. The issue was introduced in kernel version 4.16 (commit 13d6eb20fc79) and fixed in various subsequent versions, including 5.4.119 (commit 815859cb1d23), 5.10.37 (commit cc49d2064142), 5.11.21 (commit bb300acc867e), 5.12.4 (commit b100650d80cd), and 5.13 (commit 278e5bbdb9a9). |
| |
