The vulnerability of the cpu_power_to_freq() function in the drivers/thermal/cpufreq_cooling.c module of the Linux kernel allows a hacker to cause a service failure.

🗓️ 18 Mar 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Buffer overread in cpu_power_to_freq function of Linux kernel cpufreq cooling can cause system failure.

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2020-36776	27 Feb 202419:04	–	attackerkb
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-002 (ALASKERNEL-5.10-2022-002)	2 May 202200:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2020-36776	5 Mar 202500:00	–	nessus
Amazon	Important: kernel	28 Jan 202200:00	–	amazon
Circl	CVE-2020-36776	27 Feb 202420:11	–	circl
CNNVD	Linux kernel security vulnerabilities	27 Feb 202400:00	–	cnnvd
CVE	CVE-2020-36776	27 Feb 202418:40	–	cve
Cvelist	CVE-2020-36776 thermal/drivers/cpufreq_cooling: Fix slab OOB issue	27 Feb 202418:40	–	cvelist
Debian CVE	CVE-2020-36776	27 Feb 202418:40	–	debiancve
NVD	CVE-2020-36776	27 Feb 202419:04	–	nvd

Source	Link
git	www.git.kernel.org/stable/c/876a5f33e5d961d879c5436987c09b3d9ef70379
git	www.git.kernel.org/stable/c/34ab17cc6c2c1ac93d7e5d53bb972df9a968f085
git	www.git.kernel.org/stable/c/c24a20912eef00587416628149c438e885eb1304
git	www.git.kernel.org/stable/c/6bf443acf6ca4f666d0e4225614ba9993a3aa1a9
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
lore	www.lore.kernel.org/linux-cve-announce/[email protected]/T/
git	www.git.kernel.org/linus/34ab17cc6c2c1ac93d7e5d53bb972df9a968f085
cve	www.cve.org/CVERecord
lore	www.lore.kernel.org/linux-cve-announce/[email protected]/
git	www.git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/

18 Mar 2025 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 24.6

CVSS 35.5

EPSS0.00018

buffer overread cpufreq cooling linux kernel system failure