PT-2023-9338 · Linux+2 · Linux Kernel+2

Published: 2023-01-12 · Updated: 2024-09-27 · CVE-2022-48881

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is related to a refcount leak in the amd_pmc_probe() function of the Linux kernel. The pci_get_domain_bus_and_slot() function takes a reference, which the caller should release by calling pci_dev_put() after use. However, the reference is not released in the error path, leading to a refcount leak. This leak may allow an attacker to disclose protected information or cause a denial of service.

Recommendations

To resolve the issue, ensure that pci_dev_put() is called in the error path to release the reference taken by pci_get_domain_bus_and_slot(). As a temporary workaround, consider restricting access to the amd_pmc_probe() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
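
The leak pattern described above, as an added userspace model (not the kernel driver's code and not the upstream patch). The mock_* functions, read_config() and leaked_refs_after() are hypothetical stand-ins that only track the reference count, so the leaky and corrected error paths can be compared.

```c
#include <stdio.h>

/* Userspace stand-in for struct pci_dev: only the refcount is modelled. */
struct mock_pci_dev { int refcount; };
static struct mock_pci_dev root_port;   /* constructed sample device */

/* Models pci_get_domain_bus_and_slot(): returns the device with a reference taken. */
static struct mock_pci_dev *mock_pci_get(void) { root_port.refcount++; return &root_port; }

/* Models pci_dev_put(): drops one reference, tolerates NULL. */
static void mock_pci_dev_put(struct mock_pci_dev *dev) { if (dev) dev->refcount--; }

/* Hypothetical probe step that may fail after the reference is taken. */
static int read_config(struct mock_pci_dev *dev, int fail) { (void)dev; return fail ? -1 : 0; }

/* Leaky shape: the error path returns while the reference is still held. */
static int probe_leaky(int fail)
{
    struct mock_pci_dev *rdev = mock_pci_get();
    int err = read_config(rdev, fail);
    if (err)
        return err;              /* reference never released */
    mock_pci_dev_put(rdev);
    return 0;
}

/* Corrected shape: the error path releases the reference before returning. */
static int probe_fixed(int fail)
{
    struct mock_pci_dev *rdev = mock_pci_get();
    int err = read_config(rdev, fail);
    if (err) {
        mock_pci_dev_put(rdev);  /* release on the error path as well */
        return err;
    }
    mock_pci_dev_put(rdev);
    return 0;
}

/* Runs one probe from a clean state and reports how many references remain. */
static int leaked_refs_after(int (*probe)(int), int fail)
{
    root_port.refcount = 0;
    (void)probe(fail);
    return root_port.refcount;
}

int main(void)
{
    printf("leaky, failing probe: %d reference(s) left\n", leaked_refs_after(probe_leaky, 1));
    printf("fixed, failing probe: %d reference(s) left\n", leaked_refs_after(probe_fixed, 1));
    return 0;
}
```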

Exploit


Weakness Enumeration

Related Identifiers

BDU:2024-06645
CVE-2022-48881
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3483-1

Affected Products

Linux Kernel
Red Os
Suse