CVE-2022-50337
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-04
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.9 (inc) to 5.10.163 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.86 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.0.16 (exc) |
| linux | linux_kernel | From 6.1 (inc) to 6.1.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| NVD-CWE-Other | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reference count leak in the Linux kernel's ocxl driver related to the function get_function_0(). The function calls pci_get_domain_bus_and_slot(), which increments the reference count of a PCI device, but the corresponding pci_dev_put() to decrement the reference count was not always called, leading to a leak. The fix ensures that pci_dev_put() is called properly in error paths and unconditionally by callers to prevent the leak.
How can this vulnerability impact me?
The reference count leak can lead to resource leaks in the kernel, potentially causing increased memory usage or instability in the system over time if PCI device references are not properly released.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the ocxl pci device refcount leak issue has been fixed. This involves applying the patch that ensures pci_dev_put() is called appropriately after get_function_0() usage to prevent reference count leaks.
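The get/put discipline the answers above describe, as an added example that is not the kernel's ocxl code: a small refcounted stand-in for a PCI device, a leaking and a fixed variant of a get_function_0()-style lookup, and a probe that counts references left over after the caller's unconditional put. All names and the two sample devices are hypothetical.

```c
#include <assert.h>
#include <stdio.h>

/* Hypothetical stand-in for struct pci_dev; only the refcount matters here. */
struct dev { int refcount; int is_function_0; };

/* Constructed sample: device 0 is not function 0, device 1 is. */
static struct dev devs[2] = { {0, 0}, {0, 1} };

/* Models pci_get_domain_bus_and_slot(): hands back the device with one extra reference. */
static struct dev *dev_get(int idx) { devs[idx].refcount++; return &devs[idx]; }

/* Models pci_dev_put(): drops one reference; NULL is a no-op, as in the kernel. */
static void dev_put(struct dev *d) { if (d) { assert(d->refcount > 0); d->refcount--; } }

/* Leaky variant: takes a reference, then bails out on the error path without dropping it. */
static struct dev *get_function_0_leaky(int idx) {
    struct dev *d = dev_get(idx);
    if (!d->is_function_0)
        return NULL;            /* BUG: the reference taken by dev_get() is never released */
    return d;
}

/* Fixed variant: the error path puts the reference; a non-NULL result carries exactly one
 * reference, which the caller must drop unconditionally with dev_put(). */
static struct dev *get_function_0_fixed(int idx) {
    struct dev *d = dev_get(idx);
    if (!d->is_function_0) {
        dev_put(d);             /* release on the error path */
        return NULL;
    }
    return d;
}

/* Runs one lookup through fn, applies the caller's unconditional put, and returns how many
 * references were left behind (0 means balanced, 1 means one reference leaked). */
static int leaked_refs(struct dev *(*fn)(int), int idx) {
    int before = devs[idx].refcount;
    struct dev *d = fn(idx);
    dev_put(d);                 /* caller's unconditional put, as the fix requires */
    return devs[idx].refcount - before;
}

int main(void) {
    printf("leaky, non-function-0 device: %d leaked\n", leaked_refs(get_function_0_leaky, 0));
    printf("fixed, non-function-0 device: %d leaked\n", leaked_refs(get_function_0_fixed, 0));
    printf("fixed, function-0 device:     %d leaked\n", leaked_refs(get_function_0_fixed, 1));
    return 0;
}
```

Each leaked reference keeps the modelled device pinned for the life of the system, which is the gradual resource exhaustion the impact answer refers to.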