CVE-2022-48973

In the Linux kernel, the following vulnerability has been resolved:

gpio: amd8111: Fix PCI device reference count leak

for_each_pci_dev() is implemented by pci_get_device(). The comment of
pci_get_device() says that it will increase the reference count for the
returned pci_dev and also decrease the reference count for the input
pci_dev @from if it is not NULL.

If we break for_each_pci_dev() loop with pdev not NULL, we need to call
pci_dev_put() to decrease the reference count. Add the missing
pci_dev_put() after the 'out' label. Since pci_dev_put() can handle NULL
input parameter, there is no problem for the 'Device not found' branch.
For the normal path, add pci_dev_put() in amd_gpio_exit().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
linuxlinux_kernel
3.6 ≤
𝑥
< 4.9.336
linuxlinux_kernel
4.10 ≤
𝑥
< 4.14.302
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.269
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.227
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.159
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.83
linuxlinux_kernel
5.16 ≤
𝑥
< 6.0.13
linuxlinux_kernel
6.1:rc1
linuxlinux_kernel
6.1:rc2
linuxlinux_kernel
6.1:rc3
linuxlinux_kernel
6.1:rc4
linuxlinux_kernel
6.1:rc5
linuxlinux_kernel
6.1:rc6
linuxlinux_kernel
6.1:rc7
linuxlinux_kernel
6.1:rc8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
sid
6.11.5-1
fixed
trixie
6.11.5-1
fixed
References
https://git.kernel.org/stable/c/4271515f189bd5fe2ec86b4089dab7cb804625d2
https://git.kernel.org/stable/c/45fecdb9f658d9c82960c98240bc0770ade19aca
https://git.kernel.org/stable/c/4749c5cc147c9860b96db1e71cc36d1de1bd3f59
https://git.kernel.org/stable/c/48bd5d3801f6b67cc144449d434abbd5043a6d37
https://git.kernel.org/stable/c/5ee6413d3dd972930af787b2c0c7aaeb379fa521
https://git.kernel.org/stable/c/71d591ef873f9ebb86cd8d053b3caee785b2de6a
https://git.kernel.org/stable/c/b2bc053ebbba57a06fa655db5ea796de2edce445
https://git.kernel.org/stable/c/e364ce04d8f840478b09eee57b614de7cf1e743e