CVE-2022-50520
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
Description
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() As comment of pci_get_class() says, it returns a pci_device with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we break the loop in radeon_atrm_get_bios() with 'pdev' not NULL, we need to call pci_dev_put() to decrease the refcount. Add the missing pci_dev_put() to avoid refcount leak.
INFO
Published Date :
Oct. 7, 2025, 4:15 p.m.
Last Modified :
Oct. 8, 2025, 7:38 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Update the Linux kernel to include the fix.
- Ensure pci_dev_put() is called when breaking loops.
- Review and test the driver's reference counting logic.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2022-50520.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2022-50520 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2022-50520
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-50520 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-50520 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 07, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() As comment of pci_get_class() says, it returns a pci_device with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we break the loop in radeon_atrm_get_bios() with 'pdev' not NULL, we need to call pci_dev_put() to decrease the refcount. Add the missing pci_dev_put() to avoid refcount leak. Added Reference https://git.kernel.org/stable/c/1079df6acf56f99d86b0081a38c84701412cc90e Added Reference https://git.kernel.org/stable/c/3991d98a8a07b71c02f3a39f77d6d9a7f575a5c4 Added Reference https://git.kernel.org/stable/c/470a77989037c3ab2b08bf2d026d2c0ddc35ff5b Added Reference https://git.kernel.org/stable/c/6f28c7f67af4ef9bca580ab67ae2d4511797af56 Added Reference https://git.kernel.org/stable/c/725a521a18734f65de05b8d353b5bd0d3ca4c37a Added Reference https://git.kernel.org/stable/c/88c6e0995c04b170563b5c894c50a3b2152e18c2 Added Reference https://git.kernel.org/stable/c/a6cffe54064a5f6c2162a85af3c16c6b453eac4e Added Reference https://git.kernel.org/stable/c/b9decada8749b606fd8b4f04a3d6c74f7983d7bc Added Reference https://git.kernel.org/stable/c/e738f82e5b1311e8fb3d1409491a6fcce6418fbe