CVE-2022-48973
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48973
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48973.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48973
- Downstream
- Related
- Published
- 2024-10-21T20:15:09Z
- Modified
- 2025-08-09T20:01:26Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
gpio: amd8111: Fix PCI device reference count leak
foreachpcidev() is implemented by pcigetdevice(). The comment of pcigetdevice() says that it will increase the reference count for the returned pcidev and also decrease the reference count for the input pci_dev @from if it is not NULL.
If we break foreachpcidev() loop with pdev not NULL, we need to call pcidevput() to decrease the reference count. Add the missing pcidevput() after the 'out' label. Since pcidevput() can handle NULL input parameter, there is no problem for the 'Device not found' branch. For the normal path, add pcidevput() in amdgpio_exit().
- References
-
- https://git.kernel.org/stable/c/4271515f189bd5fe2ec86b4089dab7cb804625d2
- https://git.kernel.org/stable/c/45fecdb9f658d9c82960c98240bc0770ade19aca
- https://git.kernel.org/stable/c/4749c5cc147c9860b96db1e71cc36d1de1bd3f59
- https://git.kernel.org/stable/c/48bd5d3801f6b67cc144449d434abbd5043a6d37
- https://git.kernel.org/stable/c/5ee6413d3dd972930af787b2c0c7aaeb379fa521
- https://git.kernel.org/stable/c/71d591ef873f9ebb86cd8d053b3caee785b2de6a
- https://git.kernel.org/stable/c/b2bc053ebbba57a06fa655db5ea796de2edce445
- https://git.kernel.org/stable/c/e364ce04d8f840478b09eee57b614de7cf1e743e