CVE-2020-36312: 
Linux Kernel vulnerability analysis and mitigation

CVE-2020-36312 is a memory leak vulnerability discovered in the Linux kernel before version 5.8.10. The issue specifically affects the kvmiobusunregisterdev function in virt/kvm/kvm_main.c, where a memory leak occurs upon a kmalloc failure (Debian Security, Ubuntu Security).

The vulnerability occurs in the KVM (Kernel-based Virtual Machine) subsystem when kmalloc() fails in kvmiobusunregisterdev(). The original code failed to properly handle memory cleanup, specifically not calling kvmiodevicedestructor() for all devices linked to the bus before removing it. This resulted in a memory leak condition when memory allocation failed during the unregistration process (Kernel Commit).

The vulnerability could lead to memory leaks in the kernel when using KVM virtualization, potentially affecting system stability and performance over time. The issue is particularly relevant in systems utilizing KVM for virtualization (Ubuntu Security).

The issue has been fixed in Linux kernel version 5.8.10 and later. The fix involves properly handling memory cleanup by iterating over all devices linked to the bus and calling kvmiodevicedestructor() for them when kmalloc fails. Various Linux distributions have backported the fix to their supported kernel versions, including Ubuntu 20.04 LTS (5.4.0-56.62), Ubuntu 18.04 LTS (4.15.0-126.129), and Ubuntu 16.04 LTS (4.4.0-197.229) (Ubuntu Security).