CVE-2022-50337

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50337
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50337.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50337
Downstream
Published
2025-09-15T14:49:52.919Z
Modified
2026-03-12T03:26:26.845997Z
Summary
ocxl: fix pci device refcount leak when calling get_function_0()
Details

In the Linux kernel, the following vulnerability has been resolved:

ocxl: fix pci device refcount leak when calling getfunction0()

getfunction0() calls pcigetdomainbusandslot(), as comment says, it returns a pci device with refcount increment, so after using it, pcidev_put() needs be called.

Get the device reference when getfunction0() is not called, so pcidevput() can be called in the error path and callers unconditionally. And add comment above getdvsecvendor0() to tell callers to call pcidevput().

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50337.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
87db7579ebd5ded337056eb765542eb2608f16e3
Fixed
a40e1b0a922a53fa925ea8b296e3de30a31ed028
Fixed
37a13b274e4513c757e50c002ddcbf4bc89adbb2
Fixed
9a1b3148975b71fdc194e62612478346bbe618cd
Fixed
40ff4c2335a98f0ee96b099bfd70b8e6644f321f
Fixed
27158c72678b39ee01cc01de1aba6b51c71abe2f

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50337.json"