Vulnerabilities > CVE-2022-49002 - Unspecified vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() for the error path to avoid reference count leak.
Vulnerable Configurations
References
- https://git.kernel.org/stable/c/d47bc9d7bcdbb9adc9703513d964b514fee5b0bf
- https://git.kernel.org/stable/c/71c4a621985fc051ab86d3a86c749069a993fcb2
- https://git.kernel.org/stable/c/876d7bfb89273997056220029ff12b1c2cc4691d
- https://git.kernel.org/stable/c/cbdd83bd2fd67142b03ce9dbdd1eab322ff7321f
- https://git.kernel.org/stable/c/a5c65cd56aed027f8a97fda8b691caaeb66d115e
- https://git.kernel.org/stable/c/bdb613ef179ad4bb9d56a2533e9b30e434f1dfb7
- https://git.kernel.org/stable/c/2a8f7b90681472948de172dbbf5a54cd342870aa
- https://git.kernel.org/stable/c/4bedbbd782ebbe7287231fea862c158d4f08a9e3