CVE-2022-49002

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()

for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() for the error path to avoid reference count leak.
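The get/put iterator contract described above, as an added userspace model that is not kernel code and not part of the original record. The names `dev_get_next`, `dev_put`, `for_each_dev` and `scope_init` are hypothetical stand-ins, and the `bad` flag is a constructed stand-in for the error path.

```c
#include <stdio.h>
/* Userspace model with hypothetical names; not kernel code. */
struct dev { int refcount; int bad; };
#define NDEV 4
static struct dev bus[NDEV];

static void dev_put(struct dev *d) { if (d) d->refcount--; }

/* Iterator step as described above: takes a reference on the device it
 * returns and drops the one held on 'from' (NULL starts the walk). */
static struct dev *dev_get_next(struct dev *from)
{
    struct dev *next = from ? from + 1 : bus;
    if (next == bus + NDEV) next = NULL;
    if (next) next->refcount++;
    dev_put(from);
    return next;
}
#define for_each_dev(d) while (((d) = dev_get_next(d)) != NULL)

/* Walk the bus and bail out at the first failing device. */
static int scope_init(int put_on_error)
{
    struct dev *d = NULL;
    for_each_dev(d) {
        if (d->bad) {
            if (put_on_error)
                dev_put(d);   /* the fix: release the loop's reference */
            return -1;        /* without the put, d keeps an extra ref */
        }
    }
    return 0;   /* normal exit: the iterator already released everything */
}

/* References left above the baseline of 1 after a walk failing at bad_index. */
static int leaked_refs(int bad_index, int put_on_error)
{
    int extra = 0;
    for (int i = 0; i < NDEV; i++)
        bus[i] = (struct dev){ .refcount = 1, .bad = (i == bad_index) };
    scope_init(put_on_error);
    for (int i = 0; i < NDEV; i++) extra += bus[i].refcount - 1;
    return extra;
}

int main(void)
{
    printf("leaky: %d, fixed: %d\n", leaked_refs(2, 0), leaked_refs(2, 1));
    return 0;
}
```

Only the early exit leaks: a walk that runs to the end leaves every count at its baseline because the final iterator step releases the last device.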
Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*

History

25 Oct 2024, 14:24

Type Values Removed Values Added
CVSS: removed v2 : unknown, v3 : unknown; added v2 : unknown, v3 : 5.5
References () https://git.kernel.org/stable/c/2a8f7b90681472948de172dbbf5a54cd342870aa - () https://git.kernel.org/stable/c/2a8f7b90681472948de172dbbf5a54cd342870aa - Patch
References () https://git.kernel.org/stable/c/4bedbbd782ebbe7287231fea862c158d4f08a9e3 - () https://git.kernel.org/stable/c/4bedbbd782ebbe7287231fea862c158d4f08a9e3 - Patch
References () https://git.kernel.org/stable/c/71c4a621985fc051ab86d3a86c749069a993fcb2 - () https://git.kernel.org/stable/c/71c4a621985fc051ab86d3a86c749069a993fcb2 - Patch
References () https://git.kernel.org/stable/c/876d7bfb89273997056220029ff12b1c2cc4691d - () https://git.kernel.org/stable/c/876d7bfb89273997056220029ff12b1c2cc4691d - Patch
References () https://git.kernel.org/stable/c/a5c65cd56aed027f8a97fda8b691caaeb66d115e - () https://git.kernel.org/stable/c/a5c65cd56aed027f8a97fda8b691caaeb66d115e - Patch
References () https://git.kernel.org/stable/c/bdb613ef179ad4bb9d56a2533e9b30e434f1dfb7 - () https://git.kernel.org/stable/c/bdb613ef179ad4bb9d56a2533e9b30e434f1dfb7 - Patch
References () https://git.kernel.org/stable/c/cbdd83bd2fd67142b03ce9dbdd1eab322ff7321f - () https://git.kernel.org/stable/c/cbdd83bd2fd67142b03ce9dbdd1eab322ff7321f - Patch
References () https://git.kernel.org/stable/c/d47bc9d7bcdbb9adc9703513d964b514fee5b0bf - () https://git.kernel.org/stable/c/d47bc9d7bcdbb9adc9703513d964b514fee5b0bf - Patch
First Time Linux linux Kernel
Linux
CWE NVD-CWE-Other
CPE cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*

23 Oct 2024, 15:13

Type Values Removed Values Added
Summary
  • (es) In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix PCI device reference count leak in dmar_dev_scope_init(). for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break the for_each_pci_dev() loop with pdev not NULL, we must call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() for the error path to avoid the reference count leak.

21 Oct 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 20:15

Updated : 2024-10-25 14:24


NVD link : CVE-2022-49002

Mitre link : CVE-2022-49002

CVE.ORG link : CVE-2022-49002



Products Affected

linux

  • linux_kernel