CVE-2022-48896

Summary

In the Linux kernel, the following vulnerability has been resolved:

ixgbe: fix pci device refcount leak

As the comment of pci_get_domain_bus_and_slot() says, it returns a PCI device with refcount incremented, when finish using it, the caller must decrement the reference count by calling pci_dev_put().

In ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii(), pci_dev_put() is called to avoid leak.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8fa10ef01260937eb540b4e9bbc3efa023595993 < 53cefa802f070d46c0c518f4865be2c749818a18affected
LinuxLinux8fa10ef01260937eb540b4e9bbc3efa023595993 < 112df4cd2b09acd64bcd18f5ef83ba5d07b34bf0affected
LinuxLinux8fa10ef01260937eb540b4e9bbc3efa023595993 < 4c93422a54cd6a349988f42e1c6bf082cf4ea9d8affected
LinuxLinux8fa10ef01260937eb540b4e9bbc3efa023595993 < c49996c6aa03590e4ef5add8772cb6068d99fd59affected
LinuxLinux8fa10ef01260937eb540b4e9bbc3efa023595993 < b93fb4405fcb5112c5739c5349afb52ec7f15c07affected
LinuxLinux5.0affected
LinuxLinux0 < 5.0unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.164 <= 5.10.*unaffected
LinuxLinux5.15.89 <= 5.15.*unaffected
LinuxLinux6.1.7 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References