CVE-2020-36777

media: dvbdev: Fix memory leak in dvb_media_device_free()

Description

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn` before setting it to NULL, as documented in include/media/media-device.h: "The media_entity instance itself must be freed explicitly by the driver if required."

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/06854b943e0571ccbd7ad0a529babed1a98ff275 patch
https://git.kernel.org/stable/c/32168ca1f123316848fffb85d059860adf3c409f patch
https://git.kernel.org/stable/c/cd89f79be5d553c78202f686e8e4caa5fbe94e98 patch
https://git.kernel.org/stable/c/9185b3b1c143b8da409c19ac5a785aa18d67a81b patch
https://git.kernel.org/stable/c/43263fd43083e412311fa764cd04a727b0c6a749 patch
https://git.kernel.org/stable/c/9ad15e214fcd73694ea51967d86055f47b802066 patch
https://git.kernel.org/stable/c/cede24d13be6c2a62be6d7ceea63c2719b0cfa82 patch
https://git.kernel.org/stable/c/bf9a40ae8d722f281a2721779595d6df1c33a0bf patch

Frequently Asked Questions

What is the severity of CVE-2020-36777?
CVE-2020-36777 has been scored as a medium severity vulnerability.
How to fix CVE-2020-36777?
To fix CVE-2020-36777, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-36777 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-36777 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-36777?
CVE-2020-36777 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.