CVE-2022-50520Improper Update of Reference Count in Linux

CWE-911Improper Update of Reference Count6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 7
Latest updateApr 19

Description

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() As comment of pci_get_class() says, it returns a pci_device with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we break the loop in radeon_atrm_get_bios() with 'pdev' not NULL, we need to call pci_dev_put() to decrease the refcount. Add the missing pci_dev_put() to avoid refcount leak.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel3.2.293.3+12
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linuxc61e2775873f603148e8e998a938721b7d222d246f28c7f67af4ef9bca580ab67ae2d4511797af56+13
debiandebian/linux< linux 6.1.4-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
VulDB
Linux Kernel up to 6.1.1 radeon_atrm_get_bios reference count (WID-SEC-2025-2229)2026-04-19
OSV
CVE-2022-50520: In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() As comment of p2025-10-07
GHSA
GHSA-2hpp-r984-4f9g: In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() As comment of2025-10-07

📋Vendor Advisories

2
Red Hat
kernel: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()2025-10-07
Debian
CVE-2022-50520: linux - In the Linux kernel, the following vulnerability has been resolved: drm/radeon:...2022