CVE-2022-50645
Description
In the Linux kernel, the following vulnerability has been resolved:
EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()
As the comment of pci_get_domain_bus_and_slot() says, it returns a PCI device with refcount incremented, so it doesn't need to call an extra pci_dev_get() in pci_get_dev_wrapper(), and the PCI device needs to be put in the error path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2022-50645 is a refcount leak in the Linux kernel's EDAC/i10nm driver that can lead to resource exhaustion.
Vulnerability Description
CVE-2022-50645 is a refcount leak vulnerability in the Linux kernel's EDAC (Error Detection and Correction) driver for Intel 10nm platforms. The bug resides in the pci_get_dev_wrapper() function, which incorrectly increments the reference count of a PCI device returned by pci_get_domain_bus_and_slot(). The function pci_get_domain_bus_and_slot() already returns a PCI device with its reference count incremented, so an additional pci_dev_get() call is unnecessary and causes the refcount to be over-incremented. In addition, the PCI device is not put in the error path, leading to a permanent reference count leak [1][2].
Exploitation
An attacker with local access or the ability to trigger the EDAC subsystem initialization could exploit this flaw. The vulnerability is triggered during PCI device enumeration within the EDAC driver, specifically when pci_get_dev_wrapper() is called and an error occurs. Each error event will cause the reference count to leak without being decremented. Over time, repeated triggering of this code path can exhaust the available references for the PCI device, potentially leading to denial-of-service conditions or system instability [3].
Impact
The primary impact is a local denial-of-service (DoS) scenario. Because the leaked references prevent the PCI device from being properly released, the system may eventually run out of reference counts, causing subsequent operations on that device to fail. This does not allow arbitrary code execution or privilege escalation, but it can render parts of the EDAC subsystem inoperable and degrade system reliability [2].
Mitigation
The vulnerability was fixed in Linux kernel commits that remove the redundant pci_dev_get() call and ensure proper reference count handling in the error path. The fix is included in stable kernel updates. Users are advised to apply the latest kernel updates from their distribution to remediate this issue [1][3].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
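The reference-count contract described above, modelled in userspace C as an added example (not the kernel's code and not the fix commit). Every mock_* name is a hypothetical stand-in, the failing step inside the wrapper is assumed to be device enable, and the caller is assumed to put the device once when it is done with it.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model; every mock_* name is a hypothetical stand-in, not a kernel API. */
struct mock_pci_dev { int refcount; int enable_fails; };

/* Models pci_get_domain_bus_and_slot(): the returned device already holds a new reference. */
static struct mock_pci_dev *mock_lookup(struct mock_pci_dev *d) { if (d) d->refcount++; return d; }
static void mock_get(struct mock_pci_dev *d) { d->refcount++; }   /* models pci_dev_get() */
static void mock_put(struct mock_pci_dev *d) { d->refcount--; }   /* models pci_dev_put() */
/* Assumption: the step that can fail inside the wrapper is device enable. */
static int mock_enable(struct mock_pci_dev *d) { return d->enable_fails ? -1 : 0; }

/* Pre-fix behaviour as the description states it: extra get, no put on error. */
static struct mock_pci_dev *wrapper_leaky(struct mock_pci_dev *slot)
{
    struct mock_pci_dev *pdev = mock_lookup(slot);
    if (!pdev)
        return NULL;
    if (mock_enable(pdev) < 0)
        return NULL;            /* reference taken by the lookup is never put */
    mock_get(pdev);             /* redundant second reference */
    return pdev;
}

/* Post-fix behaviour: no extra get, and the error path puts the device. */
static struct mock_pci_dev *wrapper_fixed(struct mock_pci_dev *slot)
{
    struct mock_pci_dev *pdev = mock_lookup(slot);
    if (!pdev)
        return NULL;
    if (mock_enable(pdev) < 0) {
        mock_put(pdev);
        return NULL;
    }
    return pdev;
}

/* One wrapper call, then the caller's single put on success; returns references left over. */
static int leaked_refs(struct mock_pci_dev *(*wrapper)(struct mock_pci_dev *), int enable_fails)
{
    struct mock_pci_dev dev = { .refcount = 1, .enable_fails = enable_fails };
    struct mock_pci_dev *p = wrapper(&dev);
    if (p)
        mock_put(p);
    return dev.refcount - 1;
}

int main(void) { printf("leaky: %d/%d fixed: %d/%d\n", leaked_refs(wrapper_leaky, 0), leaked_refs(wrapper_leaky, 1), leaked_refs(wrapper_fixed, 0), leaked_refs(wrapper_fixed, 1)); return 0; }
```

Both the success path and the error path of the pre-fix wrapper leave one reference behind per call, which is why the fix touches both places.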
Affected products: 1
Patches: 6
e6e295a434d1, 2db53c705916, 3e255dc21031, 1adb2583cdbd, f29c2f57cdf7, 9c8921555907
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 6
- git.kernel.org/stable/c/1adb2583cdbd75f379e3230a43a7412d373d499f (nvd)
- git.kernel.org/stable/c/2db53c7059167b63cc790366ef1a9e286e71980b (nvd)
- git.kernel.org/stable/c/3e255dc21031cc1f341584eb99a7f31598bf0be7 (nvd)
- git.kernel.org/stable/c/9c8921555907f4d723f01ed2d859b66f2d14f08e (nvd)
- git.kernel.org/stable/c/e6e295a434d1c917a017980389aec88bf35cc81b (nvd)
- git.kernel.org/stable/c/f29c2f57cdf7a57223dcd9fbaa2261faab5234b2 (nvd)