CVE-2022-50659
hwrng: geode - Fix PCI device refcount leak
Description
In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. We add a new struct 'amd_geode_priv' to record pointer of the pci_dev and membase, and then add missing pci_dev_put() for the normal and error path.
INFO
Published Date :
Dec. 9, 2025, 4:17 p.m.
Last Modified :
Dec. 9, 2025, 6:37 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Update the Linux kernel to the latest version.
- Ensure all PCI device references are properly managed.
- Apply the patch for the hwrng geode driver.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2022-50659.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2022-50659 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2022-50659
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-50659 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-50659 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Dec. 09, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. We add a new struct 'amd_geode_priv' to record pointer of the pci_dev and membase, and then add missing pci_dev_put() for the normal and error path. Added Reference https://git.kernel.org/stable/c/19b7b85773b18457ff85a9ff4f5e2a2d4bf7ed0c Added Reference https://git.kernel.org/stable/c/5cc818ad53df650cac8fb41d9066665366af3f03 Added Reference https://git.kernel.org/stable/c/6b9e43c4098f1310f5b4d52121d007a219fa5d43 Added Reference https://git.kernel.org/stable/c/82bd423ed977847652b2048b0f8dcf049b1847a9 Added Reference https://git.kernel.org/stable/c/874f798c2db5ad595e46982d7f727a679dacb048 Added Reference https://git.kernel.org/stable/c/88f4ea623f59155280d99d1a59a968f838472c4a Added Reference https://git.kernel.org/stable/c/9f6ec8dc574efb7f4f3d7ee9cd59ae307e78f445 Added Reference https://git.kernel.org/stable/c/aa96aff394a511cc7bb7df08d1b8504d4d97671e Added Reference https://git.kernel.org/stable/c/e2f44baf62567c5cfbc274974c7d96dddad53ccc