VDB

CVE-2022-50337

CVE-2022-50337 PUBLISHED

Reported by Linux · Published September 15, 2025

In the Linux kernel, the following vulnerability has been resolved: ocxl: fix pci device refcount leak when calling get_function_0() get_function_0() calls pci_get_domain_bus_and_slot(), as comment says, it returns a pci device with refcount increment, so after using it, pci_dev_put() needs be called. Get the device reference when get_function_0() is not called, so pci_dev_put() can be called in the error path and callers unconditionally. And add comment above get_dvsec_vendor0() to tell callers to call pci_dev_put().

EPSS 0.02% · 6.1th percentile

Risk Scores

EPSS Score
0.02%
6.1th percentile

Affected Products

VendorProductVersions
LinuxLinux87db7579ebd5ded337056eb765542eb2608f16e3, 87db7579ebd5ded337056eb765542eb2608f16e3, 87db7579ebd5ded337056eb765542eb2608f16e3
LinuxLinux5.9, 0, 5.10.163
LinuxLinux*, 87db7579ebd5ded337056eb765542eb2608f16e3, 87db7579ebd5ded337056eb765542eb2608f16e3
linuxlinux_kernel5.9, 5.9, 5.9

Timeline

  • Sep 15, 2025 CVE Published
  • Sep 16, 2025 EPSS Score
  • Sep 23, 2025 EPSS Score
  • Sep 30, 2025 EPSS Score
  • Oct 7, 2025 EPSS Score
  • Oct 15, 2025 EPSS Score
  • Oct 22, 2025 EPSS Score
  • Oct 29, 2025 EPSS Score
  • Nov 5, 2025 EPSS Score
  • Nov 12, 2025 EPSS Score
  • Nov 19, 2025 EPSS Score
  • Nov 26, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›