Refcount Leak in Linux Kernel PCI Device Handling

CVE-2022-50505

What is CVE-2022-50505?

A flaw in the Linux kernel related to PCI device handling was identified, which could lead to a refcount leak. The issue arose from the improper management of reference counts in the function ppr_notifier(). Specifically, the function pci_get_domain_bus_and_slot() increments the reference count of a PCI device. If the caller does not appropriately decrement this count using pci_dev_put() before returning, it can result in resource leaks and potential instability in the system. This vulnerability has been resolved by ensuring that the reference count is correctly managed, thus enhancing the overall stability and security of the Linux kernel.

References