vulnerability
Amazon Linux AMI 2: CVE-2020-36776: Security patch for kernel (ALASKERNEL-5.10-2022-002)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | 02/27/2024 | 05/28/2024 | 01/28/2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/cpufreq_cooling: Fix slab OOB issue
Slab OOB issue is scanned by KASAN in cpu_power_to_freq().
If power is limited below the power of OPP0 in EM table,
it will cause slab out-of-bound issue with negative array
index.
Return the lowest frequency if limited power cannot found
a suitable OPP in EM table to fix this issue.
Backtrace:
[] die+0x104/0x5ac
[] bug_handler+0x64/0xd0
[] brk_handler+0x160/0x258
[] do_debug_exception+0x248/0x3f0
[] el1_dbg+0x14/0xbc
[] __kasan_report+0x1dc/0x1e0
[] kasan_report+0x10/0x20
[] __asan_report_load8_noabort+0x18/0x28
[] cpufreq_power2state+0x180/0x43c
[] power_actor_set_power+0x114/0x1d4
[] allocate_power+0xaec/0xde0
[] power_allocator_throttle+0x3ec/0x5a4
[] handle_thermal_trip+0x160/0x294
[] thermal_zone_device_check+0xe4/0x154
[] process_one_work+0x5e4/0xe28
[] worker_thread+0xa4c/0xfac
[] kthread+0x33c/0x358
[] ret_from_fork+0xc/0x18
Solution(s)
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.