CVE-2022-50868Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 84.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_

Affected Packages4 packages

Linuxlinux/linux_kernel2.6.184.9.337+7
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linux96d63c0297ccfd6d9059c614b3f5555d9441a2b3f1c97f72ffd504f49882774e2ab689d982dc7afc+9
debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

3
OSV
hwrng: amd - Fix PCI device refcount leak2025-12-30
OSV
CVE-2022-50868: In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci2025-12-30
GHSA
GHSA-c92v-6x7x-f5fw: In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak for_each_pci_dev() is implemented by p2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: Kernel: Denial of Service in AMD hwrng due to PCI device refcount leak2025-12-30
Debian
CVE-2022-50868: linux - In the Linux kernel, the following vulnerability has been resolved: hwrng: amd ...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50868 Impact, Exploitability, and Mitigation Steps | Wiz