VYPR
Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Apr 15, 2026

CVE-2022-50810

Description

In the Linux kernel, the following vulnerability has been resolved:

rapidio: devices: fix missing put_device in mport_cdev_open

When kfifo_alloc fails, the refcount of chdev->dev is left incremented. We should use put_device(&chdev->dev) to decrease the ref count of chdev->dev to avoid refcount leak.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing put_device in the Linux kernel's RapidIO mport_cdev_open causes a refcount leak when kfifo_alloc fails.

Vulnerability Description

In the Linux kernel, the RapidIO subsystem's mport_cdev_open function fails to call put_device on chdev->dev when kfifo_alloc fails. This oversight leaves the device's reference count incremented, leading to a reference leak [1][2][3][4].

Exploitation Prerequisites

An attacker would need to trigger a failure of kfifo_alloc within the mport_cdev_open path. This may require specific system conditions or resource exhaustion to cause the allocation to fail. The vulnerability is local and requires access to the RapidIO character device interface.

Impact

If successfully exploited, the reference count leak prevents the device from being properly released, potentially leading to memory corruption or a use-after-free condition when the device is eventually freed. This could allow a local attacker to cause a denial of service or escalate privileges.

Mitigation

The fix involves adding put_device(&chdev->dev) after a failed kfifo_alloc call to properly decrement the reference count. Patches have been applied to the Linux kernel stable branches as referenced [1][2][3][4]. Users should update to the latest kernel version containing the fix.
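The leak and its fix can be reproduced in a user-space model. This is an added example, not the kernel's code or the patch itself: `model_dev`, `model_priv`, `model_open`, `model_release` and `leaked_refs` are hypothetical stand-ins for `chdev->dev`, the per-open state, `mport_cdev_open`, the release path and a test driver, and a forced `NULL` stands in for a failing `kfifo_alloc`.

```c
/* Added user-space model; every name here is hypothetical, not kernel code. */
#include <stdio.h>
#include <stdlib.h>
struct model_dev { int refcount; };              /* stands in for chdev->dev */
struct model_priv { struct model_dev *md; void *fifo; };
static void model_get(struct model_dev *d) { d->refcount++; }  /* get_device */
static void model_put(struct model_dev *d) { d->refcount--; }  /* put_device */

/* Open path: take a device reference, then allocate the event buffer.
 * fail forces the buffer allocation to fail; fixed selects the patched path. */
static struct model_priv *model_open(struct model_dev *d, int fail, int fixed)
{
    struct model_priv *p = calloc(1, sizeof(*p));
    if (!p) return NULL;
    model_get(d);                       /* reference taken for this open */
    p->md = d;
    p->fifo = fail ? NULL : malloc(64); /* models kfifo_alloc failing */
    if (!p->fifo) {
        if (fixed)
            model_put(d);               /* the put_device() the fix adds */
        free(p);
        return NULL;
    }
    return p;
}

/* Release path: drops the reference a successful open took. */
static void model_release(struct model_priv *p)
{
    model_put(p->md);
    free(p->fifo);
    free(p);
}

/* References still held after n failed opens plus one clean open/release. */
static int leaked_refs(int n, int fixed)
{
    struct model_dev d = { .refcount = 1 };   /* registration reference */
    for (int i = 0; i < n; i++)
        model_open(&d, 1, fixed);
    struct model_priv *p = model_open(&d, 0, fixed);
    if (p)
        model_release(p);
    return d.refcount - 1;
}

int main(void)
{
    printf("leaked: pre-fix=%d patched=%d\n", leaked_refs(5, 0), leaked_refs(5, 1));
}
```

In the model, each failed open on the pre-fix path leaves one reference behind, so the count never returns to its baseline; with the added put, failed and successful opens are both balanced.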

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 9

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 9
