CVE-2022-50337 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-50337 PUBLISHED

Reported by Linux · Published September 15, 2025

In the Linux kernel, the following vulnerability has been resolved: ocxl: fix pci device refcount leak when calling get_function_0() get_function_0() calls pci_get_domain_bus_and_slot(), as comment says, it returns a pci device with refcount increment, so after using it, pci_dev_put() needs be called. Get the device reference when get_function_0() is not called, so pci_dev_put() can be called in the error path and callers unconditionally. And add comment above get_dvsec_vendor0() to tell callers to call pci_dev_put().

EPSS 0.02% · 2.9th percentile

Risk Scores

EPSS Score

0.02%

2.9th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	87db7579ebd5ded337056eb765542eb2608f16e3, 87db7579ebd5ded337056eb765542eb2608f16e3, 87db7579ebd5ded337056eb765542eb2608f16e3
Linux	Linux	5.9, 0, 5.10.163
Linux	Linux	87db7579ebd5ded337056eb765542eb2608f16e3, 87db7579ebd5ded337056eb765542eb2608f16e3, 87db7579ebd5ded337056eb765542eb2608f16e3
linux	linux_kernel	5.9, 5.9, 5.9

Timeline

Sep 15, 2025 CVE Published
Sep 16, 2025 EPSS Score
Sep 23, 2025 EPSS Score
Sep 29, 2025 EPSS Score
Oct 6, 2025 EPSS Score
Oct 12, 2025 EPSS Score
Oct 19, 2025 EPSS Score
Oct 25, 2025 EPSS Score
Nov 1, 2025 EPSS Score
Nov 7, 2025 EPSS Score
Nov 14, 2025 EPSS Score
Nov 21, 2025 EPSS Score

References

Open in Interactive Console →