CVE-2022-50868
In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() for the normal and error path.
Affected versions
Linux kernel versions
2.6.18
and later are affected. Fixed in
4.9.337,
4.14.303,
4.19.270,
5.4.229,
5.10.163,
5.15.86,
6.0.16,
6.1.2,
6.2
and their respective stable series.
References
The following references provide additional information about CVE-2022-50868 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
PatchKernel patch commithttps://git.kernel.org/stable/c/1199f8e02941b326c60ab71a63002b7c80e38212
-
PatchKernel patch commithttps://git.kernel.org/stable/c/2b79a5e560779b35e1164d57ae35c48b43373082
-
PatchKernel patch commithttps://git.kernel.org/stable/c/2e10ecd012ae2b2a374b34f307e9bc1e6096c03d
Frequently asked questions
-
What is CVE-2022-50868?
CVE-2022-50868 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.18 onward and has been patched in 4.9.337, 4.14.303, 4.19.270 and others. CVE-2022-50868 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2022-50868?
Yes — CVE-2022-50868 has been patched. Fixed versions include 4.9.337, 4.14.303, 4.19.270 and others. If you are running Linux kernel 2.6.18 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2022-50868 actively exploited?
No — CVE-2022-50868 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.