CVE-2022-50615

Vulnerability

Analysis

In the Linux kernel, a reference count leak was found in the snr_uncore_mmio_map() function within the Intel uncore performance monitoring driver for Skylake-X/SP (SNR) platforms. The function snr_uncore_get_mc_dev() calls pci_get_device(), which increments the reference count of the returned pci_dev structure. However, the code path that maps the MMIO region did not call pci_dev_put() to decrement the reference count after use, causing a leak [1][2].

Exploitation

This vulnerability is a memory/resource leak that occurs during normal operation of the perf uncore subsystem. No special privileges beyond local access are required to trigger the code path; any user or process that causes the uncore driver to map MMIO-map a device will trigger the leak. The attack surface is local, as the driver is part of the kernel and accessible to users with permission to use perf events.

Impact

An attacker with local access could repeatedly trigger the vulnerable code path to exhaust kernel memory or device reference counts, potentially leading to a denial of service (system instability or crash). The leak does not directly allow privilege escalation or data corruption, but resource exhaustion can degrade system availability.

Mitigation

The fix was applied in the Linux kernel stable tree. The commit adds the missing pci_dev_put() call to properly release the device reference. Users should update to a kernel version containing the fix (e.g., commit a67146437b6428069b71a7e5e740a2a2a8e1c40ac9 or dc7f07bc1ebb56a23fd1c4f664db5cbeb8900800) [1][2].