CVE-2022-50318 - Vulnerability Details

- perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()

Description

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()

pci_get_device() will increase the reference count for the returned
'dev'. We need to call pci_dev_put() to decrease the reference count.
Since 'dev' is only used in pci_read_config_dword(), let's add
pci_dev_put() right after it.

Published: 2025-09-15

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`a8e87042482fd2d31c5cee62875b2ae75759ae8b`	affected	< 5a96c10a56037db006ba6769307a9731cf6073be
`319a06e58ed7f1443f7133c05513de470f90628d`	affected	< e293263248f25c6b8aa1caf7c1103d40aa03311e
`6f8315e5d9511ed1cf28ee2afbc9f89ff693de7b`	affected	< c0539d5d474ee6fa4ebc41f927a0f98f81244f25
`9d480158ee86ad606d3a8baaf81e6b71acbfd7d5`	affected	< 3485f197518061371568f842405159aa9e4df551
`9d480158ee86ad606d3a8baaf81e6b71acbfd7d5`	affected	< 48f32b9a74e2ac8e854bb87bfefdbc745125a123
`9d480158ee86ad606d3a8baaf81e6b71acbfd7d5`	affected	< bd66877c0b3b42eed0ecee0bd2a2a505c1e54177
`9d480158ee86ad606d3a8baaf81e6b71acbfd7d5`	affected	< 1ff9dd6e7071a561f803135c1d684b13c7a7d01d
`d2c79105a90323a2a93484c85f9ac419ae9b183d`	affected	—
`4.19.189`	affected	< 4.19.270
`5.4.115`	affected	< 5.4.229
`5.10.33`	affected	< 5.10.163
`5.11.17`	affected	< 5.12

Linux

affected

Version	Status	Constraints
`5.12`	affected	—
`0`	unaffected	< 5.12
`4.19.270`	unaffected	≤ 4.19.*
`5.4.229`	unaffected	≤ 5.4.*
`5.10.163`	unaffected	≤ 5.10.*
`5.15.86`	unaffected	≤ 5.15.*
`6.0.16`	unaffected	≤ 6.0.*
`6.1.2`	unaffected	≤ 6.1.*
`6.2`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.12:-::::::

No data.

Vendor	Product	Confidence	Versions
Linux	Linux Kernel	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-55537	In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() pci_get_device() will increase the reference count for the returned 'dev'. We need to call pci_dev_put() to decrease the reference count. Since 'dev' is only used in pci_read_config_dword(), let's add pci_dev_put() right after it.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1ff9dd6e7071a561f803135c1d684b13c7a7d01d
https://git.kernel.org/stable/c/3485f197518061371568f842405159aa9e4df551
https://git.kernel.org/stable/c/48f32b9a74e2ac8e854bb87bfefdbc745125a123
https://git.kernel.org/stable/c/5a96c10a56037db006ba6769307a9731cf6073be
https://git.kernel.org/stable/c/bd66877c0b3b42eed0ecee0bd2a2a505c1e54177
https://git.kernel.org/stable/c/c0539d5d474ee6fa4ebc41f927a0f98f81244f25
https://git.kernel.org/stable/c/e293263248f25c6b8aa1caf7c1103d40aa03311e
https://lore.kernel.org/linux-cve-announce/2025091552-CVE-2022-50318-6f5e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50318
https://www.cve.org/CVERecord?id=CVE-2022-50318

History

Thu, 04 Dec 2025 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.12:-::::::

Wed, 17 Sep 2025 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Tue, 16 Sep 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025091552-CVE-2022-50318-6f5e@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50318 https://www.cve.org/CVERecord?id=CVE-2022-50318
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Mon, 15 Sep 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() pci_get_device() will increase the reference count for the returned 'dev'. We need to call pci_dev_put() to decrease the reference count. Since 'dev' is only used in pci_read_config_dword(), let's add pci_dev_put() right after it.
Title		perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
References		https://git.kernel.org/stable/c/1ff9dd6e7071a561f803135c1d684b13c7a7d01d https://git.kernel.org/stable/c/3485f197518061371568f842405159aa9e4df551 https://git.kernel.org/stable/c/48f32b9a74e2ac8e854bb87bfefdbc745125a123 https://git.kernel.org/stable/c/5a96c10a56037db006ba6769307a9731cf6073be https://git.kernel.org/stable/c/bd66877c0b3b42eed0ecee0bd2a2a505c1e54177 https://git.kernel.org/stable/c/c0539d5d474ee6fa4ebc41f927a0f98f81244f25 https://git.kernel.org/stable/c/e293263248f25c6b8aa1caf7c1103d40aa03311e

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-15T14:48:51.035Z

Updated: 2026-05-23T15:24:15.241Z

Reserved: 2025-09-15T14:18:36.814Z

Link: CVE-2022-50318

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2025-09-15T15:15:43.750

Modified: 2026-06-17T05:23:13.497

Link: CVE-2022-50318

Redhat

Severity : Low

Publid Date: 2025-09-15T00:00:00Z

Links: CVE-2022-50318 - Bugzilla

OpenCVE Enrichment

Updated: 2025-09-17T10:06:53Z

Weaknesses

NVD-CWE-Other

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object