CVE-2022-50576
In the Linux kernel, the following vulnerability has been resolved: serial: pch: Fix PCI device refcount leak in pch_request_dma() As comment of pci_get_slot() says, it returns a pci_device with its refcount increased. The caller must decrement the reference count by calling pci_dev_put(). Since 'dma_dev' is only used to filter the channel in filter(), we can call pci_dev_put() before exiting from pch_request_dma(). Add the missing pci_dev_put() for the normal and error path.
Affected versions
Linux kernel versions
2.6.38
and later are affected. Fixed in
4.9.337,
4.14.303,
4.19.270,
5.4.229,
5.10.163,
5.15.86,
6.0.16,
6.1.2,
6.2
and their respective stable series.
References
The following references provide additional information about CVE-2022-50576 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
PatchKernel patch commithttps://git.kernel.org/stable/c/07f4ca68b0f6bf84b6b391c14b59fd179fcde9c5
-
PatchKernel patch commithttps://git.kernel.org/stable/c/4f5d28865c665c9064de631a518f9bc8099d9ce4
-
PatchKernel patch commithttps://git.kernel.org/stable/c/516614a371c26e3334625b4bca19a5362bf658d6
Frequently asked questions
-
What is CVE-2022-50576?
CVE-2022-50576 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.38 onward and has been patched in 4.9.337, 4.14.303, 4.19.270 and others. CVE-2022-50576 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2022-50576?
Yes — CVE-2022-50576 has been patched. Fixed versions include 4.9.337, 4.14.303, 4.19.270 and others. If you are running Linux kernel 2.6.38 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2022-50576 actively exploited?
No — CVE-2022-50576 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.