CVE-2022-49011

Summary

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()

As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling pci_dev_put(). So call it after using to avoid refcount leak.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux14513ee696a0cd12a19318e433b75a786808adc3 < bb75a0d1223d43f97089841aecb28a9b4de687a9affected
LinuxLinux14513ee696a0cd12a19318e433b75a786808adc3 < 0dd1da5a15eeecb2fe4cf131b3216fb455af783caffected
LinuxLinux14513ee696a0cd12a19318e433b75a786808adc3 < 2f74cffc7c85f770b1b1833dccb03b8cde3be102affected
LinuxLinux14513ee696a0cd12a19318e433b75a786808adc3 < ea5844f946b1ec5c0b7c115cd7684f34fd48021baffected
LinuxLinux14513ee696a0cd12a19318e433b75a786808adc3 < c40db1e5f316792b557d2be37e447c20d9ac4635affected
LinuxLinux14513ee696a0cd12a19318e433b75a786808adc3 < 6e035d5a2a6b907cfce9a80c5f442c2e459cd34eaffected
LinuxLinux14513ee696a0cd12a19318e433b75a786808adc3 < f598da27acbeee414679cacd14294db3e273e3d2affected
LinuxLinux14513ee696a0cd12a19318e433b75a786808adc3 < 7dec14537c5906b8bf40fd6fd6d9c3850f8df11daffected
LinuxLinux3.14affected
LinuxLinux0 < 3.14unaffected
LinuxLinux4.9.335 <= 4.9.*unaffected
LinuxLinux4.14.301 <= 4.14.*unaffected
LinuxLinux4.19.268 <= 4.19.*unaffected
LinuxLinux5.4.226 <= 5.4.*unaffected
LinuxLinux5.10.158 <= 5.10.*unaffected
LinuxLinux5.15.82 <= 5.15.*unaffected
LinuxLinux6.0.12 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References