CVE-2022-49000
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49000
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49000.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49000
- Related
- Published
- 2024-10-21T20:15:11Z
- Modified
- 2024-10-31T17:46:10.740850Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix PCI device refcount leak in hasexternalpci()
foreachpcidev() is implemented by pcigetdevice(). The comment of pcigetdevice() says that it will increase the reference count for the returned pcidev and also decrease the reference count for the input pci_dev @from if it is not NULL.
If we break foreachpcidev() loop with pdev not NULL, we need to call pcidevput() to decrease the reference count. Add the missing pcidev_put() before 'return true' to avoid reference count leak.
- References
-
- https://git.kernel.org/stable/c/10ed7655a17f6a3eaecd1293830488259ccd5723
- https://git.kernel.org/stable/c/17f67414718e6aba123335a33b7d15aa594fff34
- https://git.kernel.org/stable/c/afca9e19cc720bfafc75dc5ce429c185ca93f31d
- https://git.kernel.org/stable/c/b6eea8b2e858a20ad58ac62dc2de90fea2413f94
- https://security-tracker.debian.org/tracker/CVE-2022-49000
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.158-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source