CVE-2022-50576
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-22
Assigner: kernel.org
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reference count leak in the Linux kernel's serial pch driver, specifically in the function pch_request_dma(). The issue arises because pci_get_slot() increases the reference count of a PCI device, but the corresponding decrement (pci_dev_put()) was missing in pch_request_dma(), leading to a resource leak. The fix adds the missing pci_dev_put() calls to properly manage the reference count in both normal and error paths.
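The get/put imbalance described above, modeled in userspace C as an added example (this is not the kernel driver's code or the upstream patch). `fake_pci_dev`, `model_get_slot()`, `model_dev_put()`, `request_dma_leaky()`, `request_dma_fixed()` and `leaked_refs()` are hypothetical names, and the single failure point is an assumption; only the rule that every get is paired with a put on each exit path comes from the description.

```c
/* Userspace model of the get/put imbalance; not the kernel driver's code.
 * All names here are hypothetical stand-ins. */
#include <stdio.h>

struct fake_pci_dev { int refcount; };        /* stand-in for struct pci_dev */
static struct fake_pci_dev slot_dev = { 1 };  /* constructed: one base reference */

/* Models pci_get_slot(): hands back the device with its refcount raised. */
static struct fake_pci_dev *model_get_slot(void) {
    slot_dev.refcount++;
    return &slot_dev;
}

/* Models pci_dev_put(): drops one reference. */
static void model_dev_put(struct fake_pci_dev *d) {
    if (d) d->refcount--;
}

/* "Before" pattern: neither exit path drops the reference. */
int request_dma_leaky(int chan_ok) {
    struct fake_pci_dev *d = model_get_slot();
    (void)d;
    return chan_ok ? 0 : -1;
}

/* "After" pattern: a put on the error path and on the normal path. */
int request_dma_fixed(int chan_ok) {
    struct fake_pci_dev *d = model_get_slot();
    if (!chan_ok) {          /* assumed failure point: DMA channel unavailable */
        model_dev_put(d);
        return -1;
    }
    model_dev_put(d);
    return 0;
}

/* Net references still held after `calls` invocations, alternating paths. */
int leaked_refs(int (*request)(int), int calls) {
    int start = slot_dev.refcount;
    for (int i = 0; i < calls; i++)
        request(i % 2);
    return slot_dev.refcount - start;
}

int main(void) {
    printf("leaky: %d leaked\n", leaked_refs(request_dma_leaky, 100));
    printf("fixed: %d leaked\n", leaked_refs(request_dma_fixed, 100));
    return 0;
}
```

The same balance check (reference count before and after repeated calls, across both success and failure paths) is a useful review or test pattern for any function that takes a counted reference.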
How can this vulnerability impact me?
The impact of this vulnerability is a resource leak in the Linux kernel, which could potentially lead to increased memory usage or resource exhaustion over time. This might degrade system performance or stability, especially on systems that frequently use the affected serial pch driver functionality.
What immediate steps should I take to mitigate this vulnerability?
Apply the updated Linux kernel patch that fixes the PCI device reference count leak in the pch_request_dma() function by ensuring pci_dev_put() is called appropriately to decrement the reference count. This prevents resource leaks related to PCI device handling.