CVE-2022-50718

Root

Cause

CVE-2022-50718 is a reference count leak in the Linux kernel's amdgpu DRM driver. The functions amdgpu_device_resume_display_audio() and amdgpu_device_suspend_display_audio() call pci_get_domain_bus_and_slot() which, as documented, returns a PCI device with an incremented reference count. The caller must eventually call pci_dev_put() to decrement the count. The driver failed to do so before returning from those functions, leading to a leak [1][2].

Attack

Surface

An attacker with local access may trigger the code paths that exercise these functions. In practice, this could be triggered through normal system suspend/resume cycles or power management events that cause the display audio resources to be suspended or resumed. No special privileges beyond the ability to trigger PM events are required.

Impact

Repeatedly entering and exiting these code paths will exhaust the PCI device's reference count, preventing the device from being properly released or unregistered. This is a memory/resource leak that, over time, could lead to resource exhaustion, system instability, or denial-of-service conditions.

Mitigation

Patches have been applied to the Linux kernel stable trees. The fix adds pci_dev_put() calls to balance the reference count [1][2]. Users should update to a kernel version containing the fix.