Linux Kernel Vulnerability Affecting PCI Device Refcount Management
CVE-2022-50337
Currently unrated
What is CVE-2022-50337?
A vulnerability exists in the Linux kernel related to improper management of PCI device reference counts. Specifically, the function get_function_0() fails to correctly handle the reference counting, which can lead to a refcount leak. The fix is to call pci_dev_put() once the device reference obtained from get_function_0() is no longer needed, which prevents the resource leak and keeps memory management stable. Comments have also been added to the code to guide developers on proper usage and cleanup.
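The leak pattern described above, shown as an added user-space model; it is not the kernel's code or the upstream patch. The struct, the `model_*` helpers and the two reader functions are hypothetical names, and the two-entry bus is constructed sample data.

```c
#include <stdio.h>
/* User-space model only: none of these types or helpers are kernel code. */
struct model_pci_dev { int refcount; unsigned devfn; };
/* Constructed sample bus: function 0 and function 1 of one slot. */
static struct model_pci_dev bus[2] = { {1, 0}, {1, 1} };

/* Models a lookup that hands back function 0 with a reference held. */
static struct model_pci_dev *model_get_function_0(struct model_pci_dev *dev)
{
    (void)dev;                  /* the model has a single slot */
    bus[0].refcount++;          /* the caller now owns this reference */
    return &bus[0];
}

/* Models pci_dev_put(): drops one reference and accepts NULL. */
static void model_dev_put(struct model_pci_dev *dev)
{
    if (dev)
        dev->refcount--;
}

/* Before the fix: uses function 0 and never releases the reference. */
static unsigned read_cfg_leaky(struct model_pci_dev *dev)
{
    struct model_pci_dev *fn0 = model_get_function_0(dev);
    return fn0 ? fn0->devfn : ~0u;
}

/* After the fix: the reference is released before returning. */
static unsigned read_cfg_fixed(struct model_pci_dev *dev)
{
    struct model_pci_dev *fn0 = model_get_function_0(dev);
    unsigned v = fn0 ? fn0->devfn : ~0u;
    model_dev_put(fn0);
    return v;
}

/* Net references left on function 0 after n calls of reader. */
static int leaked_refs(unsigned (*reader)(struct model_pci_dev *), int n)
{
    int before = bus[0].refcount;
    for (int i = 0; i < n; i++)
        reader(&bus[1]);
    return bus[0].refcount - before;
}
int main(void)
{
    printf("leaky=%d fixed=%d\n", leaked_refs(read_cfg_leaky, 1000), leaked_refs(read_cfg_fixed, 1000));
    return 0;
}
```

Each unbalanced call leaves one extra reference, so the count on function 0 only grows and the modelled device can never reach zero and be freed.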
Affected Version(s)
Linux 87db7579ebd5ded337056eb765542eb2608f16e3
Linux 87db7579ebd5ded337056eb765542eb2608f16e3 < 37a13b274e4513c757e50c002ddcbf4bc89adbb2
Linux 87db7579ebd5ded337056eb765542eb2608f16e3 < 9a1b3148975b71fdc194e62612478346bbe618cd