NVD

CVE-2022-50520 Detail

Undergoing Reanalysis

This CVE is currently being enriched by team members, this process results in the association of reference link tags, CVSS, CWE, and CPE applicability statement data.

Description

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() As comment of pci_get_class() says, it returns a pci_device with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we break the loop in radeon_atrm_get_bios() with 'pdev' not NULL, we need to call pci_dev_put() to decrease the refcount. Add the missing pci_dev_put() to avoid refcount leak.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/1079df6acf56f99d86b0081a38c84701412cc90e	kernel.org	Patch
https://git.kernel.org/stable/c/3991d98a8a07b71c02f3a39f77d6d9a7f575a5c4	kernel.org	Patch
https://git.kernel.org/stable/c/470a77989037c3ab2b08bf2d026d2c0ddc35ff5b	kernel.org	Patch
https://git.kernel.org/stable/c/6f28c7f67af4ef9bca580ab67ae2d4511797af56	kernel.org	Patch
https://git.kernel.org/stable/c/725a521a18734f65de05b8d353b5bd0d3ca4c37a	kernel.org	Patch
https://git.kernel.org/stable/c/88c6e0995c04b170563b5c894c50a3b2152e18c2	kernel.org	Patch
https://git.kernel.org/stable/c/a6cffe54064a5f6c2162a85af3c16c6b453eac4e	kernel.org	Patch
https://git.kernel.org/stable/c/b9decada8749b606fd8b4f04a3d6c74f7983d7bc	kernel.org	Patch
https://git.kernel.org/stable/c/e738f82e5b1311e8fb3d1409491a6fcce6418fbe	kernel.org	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-Other	Other	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Initial Analysis by NIST 2/04/2026 12:02:13 PM

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE	NVD-CWE-Other
Added	CPE Configuration	OR cpe:2.3:o:linux:linux_kernel:3.6:rc5::::::* cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.10 up to (excluding) 4.14.303 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.15 up to (excluding) 4.19.270 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.20 up to (excluding) 5.4.229 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 up to (excluding) 6.0.16 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.1 up to (excluding) 6.1.2 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.5 up to (excluding) 5.10.163 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11 up to (excluding) 5.15.86 cpe:2.3:o:linux:linux_kernel:3.6:rc6::::::* cpe:2.3:o:linux:linux_kernel:3.6:rc7::::::* cpe:2.3:o:linux:linux_kernel:3.6:rc3::::::* cpe:2.3:o:linux:linux_kernel:3.6:rc4::::::* cpe:2.3:o:linux:linux_kernel:3.6:-::::::* cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 3.2.29 up to (excluding) 3.3 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 3.4.12 up to (excluding) 3.5 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 3.5.5 up to (excluding) 3.6 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 3.2.60 up to (excluding) 3.3 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 3.6.1 up to (excluding) 4.9.337
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/1079df6acf56f99d86b0081a38c84701412cc90e Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/3991d98a8a07b71c02f3a39f77d6d9a7f575a5c4 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/470a77989037c3ab2b08bf2d026d2c0ddc35ff5b Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/6f28c7f67af4ef9bca580ab67ae2d4511797af56 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/725a521a18734f65de05b8d353b5bd0d3ca4c37a Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/88c6e0995c04b170563b5c894c50a3b2152e18c2 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/a6cffe54064a5f6c2162a85af3c16c6b453eac4e Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/b9decada8749b606fd8b4f04a3d6c74f7983d7bc Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/e738f82e5b1311e8fb3d1409491a6fcce6418fbe Types: Patch

New CVE Received from kernel.org 10/07/2025 12:15:35 PM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() As comment of pci_get_class() says, it returns a pci_device with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we break the loop in radeon_atrm_get_bios() with 'pdev' not NULL, we need to call pci_dev_put() to decrease the refcount. Add the missing pci_dev_put() to avoid refcount leak.
Added	Reference	https://git.kernel.org/stable/c/1079df6acf56f99d86b0081a38c84701412cc90e
Added	Reference	https://git.kernel.org/stable/c/3991d98a8a07b71c02f3a39f77d6d9a7f575a5c4
Added	Reference	https://git.kernel.org/stable/c/470a77989037c3ab2b08bf2d026d2c0ddc35ff5b
Added	Reference	https://git.kernel.org/stable/c/6f28c7f67af4ef9bca580ab67ae2d4511797af56
Added	Reference	https://git.kernel.org/stable/c/725a521a18734f65de05b8d353b5bd0d3ca4c37a
Added	Reference	https://git.kernel.org/stable/c/88c6e0995c04b170563b5c894c50a3b2152e18c2
Added	Reference	https://git.kernel.org/stable/c/a6cffe54064a5f6c2162a85af3c16c6b453eac4e
Added	Reference	https://git.kernel.org/stable/c/b9decada8749b606fd8b4f04a3d6c74f7983d7bc
Added	Reference	https://git.kernel.org/stable/c/e738f82e5b1311e8fb3d1409491a6fcce6418fbe

Quick Info

CVE Dictionary Entry:
CVE-2022-50520
NVD Published Date:
10/07/2025
NVD Last Modified:
02/04/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2022-50520 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis by NIST 2/04/2026 12:02:13 PM

New CVE Received from kernel.org 10/07/2025 12:15:35 PM

Quick Info