CVE-2022-50777
Description
In the Linux kernel, the following vulnerability has been resolved:
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
of_phy_find_device() returns a device node with refcount incremented. Call put_device() to release it when not needed anymore.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A refcount leak in the Linux kernel's XGMII-to-RGMII PHY driver could lead to memory leaks or use-after-free; fixed by adding a put_device() call.
Vulnerability
CVE-2022-50777 is a refcount leak in the Linux kernel's xgmiitorgmii PHY driver. The function xgmiitorgmii_probe calls of_phy_find_device(), which returns a device node with an incremented reference count. The driver failed to call put_device() to release the reference when it was no longer needed, leading to a reference count leak [1].
Exploitation
An attacker with local access or the ability to trigger PHY device probing could exploit this leak. The vulnerability is triggered during the probe of the XGMII-to-RGMII converter, which is typically used in network interfaces. No special privileges beyond the ability to cause device enumeration are required [2].
Impact
A persistent reference count leak can lead to memory exhaustion over time, potentially causing a denial of service (DoS). In some cases, the leaked reference could also prevent proper cleanup, which could lead to use-after-free scenarios if the device is removed and re-probed [3].
Mitigation
The fix was applied in Linux kernel stable releases. The commit adds a put_device() call after the device is no longer needed, ensuring the reference count is properly decremented. Users should update to a kernel version containing the fix [1][2][3].
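The leak and the balanced form can be modelled in userspace. This is an added example, not the driver's code or the upstream patch: `model_device`, `model_find`, `model_put`, the two probe functions and `refs_after` are hypothetical stand-ins, with `model_find` and `model_put` playing the roles of of_phy_find_device() and put_device().

```c
#include <stdio.h>

/* Hypothetical stand-in for a refcounted device; not kernel code. */
struct model_device {
    int refcount;   /* models the device's reference count */
    int has_driver; /* models whether a driver is bound yet */
};

/* Models a lookup such as of_phy_find_device(): takes a reference. */
static struct model_device *model_find(struct model_device *d)
{
    d->refcount++;
    return d;
}

/* Models put_device(): drops one reference. */
static void model_put(struct model_device *d) { d->refcount--; }

/* Leaky shape: the function returns without dropping the reference. */
static int probe_leaky(struct model_device *registered)
{
    struct model_device *dev = model_find(registered);
    return dev->has_driver ? 0 : -2; /* -2 models "retry the probe later" */
}

/* Balanced shape: the reference is dropped once dev is not needed. */
static int probe_balanced(struct model_device *registered)
{
    struct model_device *dev = model_find(registered);
    int ret = dev->has_driver ? 0 : -2;
    model_put(dev);
    return ret;
}

/* Probe one device n times; return the refcount left (starts at 1). */
static int refs_after(int (*probe)(struct model_device *), int n)
{
    struct model_device dev = { .refcount = 1, .has_driver = 0 };
    while (n-- > 0)
        probe(&dev);
    return dev.refcount;
}

int main(void)
{
    printf("leaky=%d balanced=%d\n",
           refs_after(probe_leaky, 5), refs_after(probe_balanced, 5));
    return 0;
}
```

Each retried probe in the leaky form leaves one extra reference behind, so the count never returns to the value that would allow the object to be freed.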
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
53526dbc8aa6, 78b0b1ff525d, 00616bd1913a, 106d0d33c9d1, 4d112f001612, 52841e71253e, ee84d37a5f08, d039535850ee
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- git.kernel.org/stable/c/00616bd1913a4f879679e02dc08c2f501ca2bd4c (nvd)
- git.kernel.org/stable/c/106d0d33c9d1ec4ddeeffc1fdc717ff09953d4ed (nvd)
- git.kernel.org/stable/c/4d112f001612c79927c1ecf29522b34c4fa292e0 (nvd)
- git.kernel.org/stable/c/52841e71253e6ace72751c72560950474a57d04c (nvd)
- git.kernel.org/stable/c/53526dbc8aa6b95e9fc2ab1e29b1a9145721da24 (nvd)
- git.kernel.org/stable/c/78b0b1ff525d9be4babf5a148a4de0d50042d95d (nvd)
- git.kernel.org/stable/c/d039535850ee47079d59527e96be18d8e0daa84b (nvd)
- git.kernel.org/stable/c/ee84d37a5f08ed1121cdd16f8f3ed87552087a21 (nvd)
News mentions
No linked articles in our index yet.