CVE-2022-50318
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-04
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 4.19.189 (inc) to 4.19.270 (exc) |
| linux | linux_kernel | From 5.4.115 (inc) to 5.4.229 (exc) |
| linux | linux_kernel | From 5.10.33 (inc) to 5.10.163 (exc) |
| linux | linux_kernel | From 5.11.17 (inc) to 5.12 (exc) |
| linux | linux_kernel | From 5.12.1 (inc) to 5.15.86 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.0.16 (exc) |
| linux | linux_kernel | From 6.1 (inc) to 6.1.2 (exc) |
| linux | linux_kernel | 5.12 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-Other |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reference count leak in the Linux kernel's perf/x86/intel/uncore component, specifically in the hswep_has_limit_sbox() function. The issue arises because pci_get_device() increases the reference count for a device object, but pci_dev_put() was not called to decrease the reference count after the device was used in pci_read_config_dword(). This leads to a resource leak.
How can this vulnerability impact me? :
The reference count leak can cause resource exhaustion in the kernel, potentially leading to degraded system performance or instability over time as resources are not properly released.