Bug 2401522 (CVE-2022-50505)

Summary: CVE-2022-50505 kernel: iommu/amd: Fix pci device refcount leak in ppr_notifier()
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A reference counting violation was found in the Linux kernel's AMD IOMMU PPR (Peripheral Page Request) notification handler. When the handler looks up PCI devices using pci_get_domain_bus_and_slot, it receives a reference-counted device pointer but never releases that reference before returning. This creates permanent reference leaks that prevent proper device cleanup, eventually exhausting system resources and causing denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-10-04 16:05:21 UTC 
In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: Fix pci device refcount leak in ppr_notifier()

As comment of pci_get_domain_bus_and_slot() says, it returns
a pci device with refcount increment, when finish using it,
the caller must decrement the reference count by calling
pci_dev_put(). So call it before returning from ppr_notifier()
to avoid refcount leak.
Comment 1 Alexander B 2025-10-06 14:03:18 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025100422-CVE-2022-50505-b427@gregkh/T