CVE-2022-50659

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A reference count leak exists in the Linux kernel’s hardware random number generator (hwrng) for Geode systems. The for each pci dev() loop, implemented by pci get device(), increases the reference count for the returned pci dev and decreases the reference count for the input pci dev if it is not NULL. If the loop is broken with pdev not NULL, the reference count is not decreased, leading to a leak. A new structure, amd geode priv, was added to record pointers to the pci dev and membasе, and pci dev put() was added to address the missing reference count decrease in both normal and error paths.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.