PT-2024-11874 · Linux+7 · Linux Kernel+7

Yang Yingliang

·

Published

2022-12-18

·

Updated

2025-09-29

·

CVE-2022-49011

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A refcount leak issue in the Linux kernel has been identified and resolved. The problem occurs in the nv1a ram new() function, where a PCI device reference count is not properly decremented after use. According to the comment for pci get domain bus and slot(), this function returns a PCI device with an incremented reference count, and the caller is responsible for decrementing the count by calling pci dev put() when finished using the device. This issue can be avoided by calling pci dev put() after using the PCI device.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALSA-2025:7531
ALSA-2025:7532
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2023-1066
BDU:2025-04437
CESA-2025_7531
CESA-2025_7532
CVE-2022-49011
INFSA-2024_2394
INFSA-2025_7531
INFSA-2025_7532
OESA-2024-2370
OESA-2024-2371
OPENSUSE-SU-2024_3983-1
OPENSUSE-SU-2024_3985-1
OPENSUSE-SU-2024_4131-1
OPENSUSE-SU-2024_4313-1
RHSA-2024:2394
RHSA-2024_2394
RHSA-2025:7531
RHSA-2025:7532
RHSA-2025_7531
RHSA-2025_7532
SUSE-SU-2024:3983-1
SUSE-SU-2024:3985-1
SUSE-SU-2024:4082-1
SUSE-SU-2024:4100-1
SUSE-SU-2024:4131-1
SUSE-SU-2024:4313-1
SUSE-SU-2024:4317-1
SUSE-SU-2024:4364-1
SUSE-SU-2025:0034-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Suse