VDB

DEBIAN-CVE-2022-50659

DEBIAN-CVE-2022-50659 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. We add a new struct 'amd_geode_priv' to record pointer of the pci_dev and membase, and then add missing pci_dev_put() for the normal and error path.

Affected Products

VendorProductVersions
Debian:12linux0, 0, 0
Debian:13linux0, 0, 0
Debian:11linux5.10.127-2, 5.10.92-1, 5.10.92-1~bpo10+1
Debian:14linux0, 0, 0

Timeline

  • Dec 9, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›