Xiongfeng Wang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A reference count leak in the Linux kernel has been identified and resolved. The issue occurs in the `has external pci()` function, where a `pci dev put()` call is missing, leading to a reference count leak when the `for each pci dev()` loop is broken with `pdev` not NULL. The `for each pci dev()` function is implemented by `pci get device()`, which increases the reference count for the returned `pci dev` and decreases the reference count for the input `pci dev` `@from` if it is not NULL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A reference count leak in the Linux kernel has been identified and resolved. The issue is related to the `dmar dev scope init()` function in the `iommu/vt-d` component. The `for each pci dev()` loop, which is implemented by `pci get device()`, increases the reference count for the returned `pci dev` and decreases the reference count for the input `pci dev` `@from` if it is not NULL. However, if the loop is broken with `pdev` not NULL, a call to `pci dev put()` is required to decrease the reference count, which was missing in the error path. This leak has been fixed by adding the necessary `pci dev put()` call. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for the reference count leak in `dmar dev scope init()`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a PCI device reference count leak in the Linux kernel's gpio component, specifically in the amd8111 driver. The problem arises from the incorrect handling of errors in the `ioport unmap()` and `amd gpio exit()` functions in `drivers/gpio/gpio-amd8111.c`. This can potentially allow an attacker to cause a denial of service. The vulnerability is resolved by adding a missing `pci dev put()` call after the 'out' label and in the `amd gpio exit()` function to properly decrease the reference count. **Recommendations** To resolve the issue, apply the fix that adds the missing `pci dev put()` call after the 'out' label and in the `amd gpio exit()` function. As a temporary workaround, consider restricting access to the vulnerable `amd8111` driver to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.