CVE-2022-50464 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 98.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedOct 1

Latest updateOct 14

Description

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() As comment of pci_get_device() says, it returns a pci_device with its refcount increased. We need to call pci_dev_put() to decrease the refcount. Save the return value of pci_get_device() and call pci_dev_put() to decrease the refcount.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶NVDlinux/linux_kernel5.12 — 6.0.16+1

▶Debianlinux/linux_kernel< 6.1.4-1+2

▶CVEListV5linux/linux9093cfff72e3e55b703ed38fa1af87c204d89cf1 — 8abc6579667129afd13ff2ccb0319ba3f46e6995+3

▶debiandebian/linux< linux 6.1.4-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2022-50464: In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() As comment of↗2025-10-01

▶

GHSA

GHSA-2cg8-29w5-5m74: In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() As comment↗2025-10-01

▶

📋Vendor Advisories

Microsoft

mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2()↗2025-10-14

▶

Red Hat

kernel: mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2()↗2025-10-01

▶

Debian

CVE-2022-50464: linux - In the Linux kernel, the following vulnerability has been resolved: mt76: mt791...↗2022

▶