Reference Count Leak in Intel Uncore Module of Linux Kernel
CVE-2022-50318

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 15 September 2025

What is CVE-2022-50318?

In the Intel uncore module of the Linux kernel, a vulnerability exists that allows a reference count leak due to improper handling of device references in the pci_get_device() function. Specifically, the reference counter is not decremented after usage, which could lead to resource management issues. To mitigate this vulnerability, it is necessary to add a call to pci_dev_put() immediately after pci_read_config_dword() to ensure the reference count is correctly managed.

Affected Version(s)

Linux a8e87042482fd2d31c5cee62875b2ae75759ae8b < 5a96c10a56037db006ba6769307a9731cf6073be

Linux 319a06e58ed7f1443f7133c05513de470f90628d

Linux 6f8315e5d9511ed1cf28ee2afbc9f89ff693de7b

References

https://git.kernel.org/stable/c/5a96c10a56037db006ba67693...

https://git.kernel.org/stable/c/e293263248f25c6b8aa1caf7c...

https://git.kernel.org/stable/c/c0539d5d474ee6fa4ebc41f92...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2025
Vulnerability Reserved
Sep 15, 2025