CVE-2020-36766: 
Linux Kernel vulnerability analysis and mitigation

CVE-2020-36766 is a vulnerability discovered in the Linux kernel before version 5.8.6, specifically in the drivers/media/cec/core/cec-api.c file. The issue allows unprivileged users to access one byte of kernel memory on specific hardware due to a direct assignment of log_addrs with a hole in the struct (NVD).

The vulnerability stems from a memory leak in the cecadapglogaddrs function within the Linux kernel's CEC (Consumer Electronics Control) API implementation. The issue occurs due to a structural hole at the end of struct ceclogaddrs that an assignment might ignore, potentially leading to information disclosure when performing copytouser operations (Linux Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 3.3 (LOW) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (NVD).

The vulnerability allows unprivileged local users to access one byte of kernel memory on affected systems. While the impact is limited to information disclosure of a single byte, it represents a potential security concern as it could leak sensitive kernel information (NVD).

The vulnerability was fixed in Linux kernel version 5.8.6. The fix involves using memcpy instead of direct assignment when handling the struct ceclogaddrs to prevent the potential information leak (Linux Patch). Users should upgrade their Linux kernel to version 5.8.6 or later to address this vulnerability.