LiveActive security incident?Get immediate response
CVE Record

CVE-2022-48973: gpio: amd8111: Fix PCI device reference count leak

In the Linux kernel, the following vulnerability has been resolved: gpio: amd8111: Fix PCI device reference count leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() after the 'out' label. Since pci_dev_put() can handle NULL input parameter, there is no problem for the 'Device not found' branch. For the normal path, add pci_dev_put() in amd_gpio_exit().

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2022-48973 is a Linux kernel bug in the amd8111 GPIO driver where a PCI device reference was not released correctly. The public sources describe a resource reference leak, not remote code execution or data theft. Severity and CVSS are not provided, so urgency depends on whether affected kernels and this driver are present in your estate.

Executive priority

Handle through routine kernel patch management unless validation shows affected production systems using this driver. There is no provided evidence of active exploitation or severe business impact, but kernel defects should not be ignored on long-lived infrastructure.

Technical view

The amd8111 GPIO code iterates PCI devices using for_each_pci_dev(), backed by pci_get_device(), which increments the returned pci_dev reference. When the loop exits with pdev still set, the code failed to call pci_dev_put(). The fix adds pci_dev_put() after the out label and during amd_gpio_exit().

Likely exposure

Exposure appears limited to Linux kernels listed as affected in the CVE source bundle, especially where the amd8111 GPIO driver is built or loaded. The sources do not identify distributions, default configurations, cloud images, containers, or hardware-specific exposure, so asset validation is required.

Exploitation context

The source bundle does not report active exploitation, KEV listing, exploit availability, or attacker prerequisites. Based only on the cited text, this is a kernel resource-management flaw involving a PCI reference count leak. Practical impact is not fully evidenced in the provided sources.

Researcher notes

The key evidence is the missing pci_dev_put() after breaking a for_each_pci_dev() loop and in amd_gpio_exit(). The public record lacks CVSS, CWE, threat model, exploitability analysis, and distribution-specific fixed versions. Treat impact assessment as incomplete until vendor advisories are reviewed.

Mitigation direction

  • Apply Linux kernel vendor updates that include the referenced stable fixes.
  • Prioritize systems running affected kernel versions with the amd8111 GPIO driver present.
  • Check distribution advisories for backported fixes and package-specific version mapping.
  • Use normal kernel change controls and reboot requirements for deployed updates.

Validation and detection

  • Inventory Linux kernel versions against the affected versions in the CVE bundle.
  • Check whether the amd8111 GPIO driver is built, available, or loaded.
  • Confirm installed kernels contain one of the referenced upstream stable fixes or vendor backport.
  • Review kernel and distribution advisories for local severity and applicability notes.
Prepared
Confidence
medium
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-48973 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
9Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxf942a7de047d8c599cc1a9a26293c8c7400450ea, f942a7de047d8c599cc1a9a26293c8c7400450ea, f942a7de047d8c599cc1a9a26293c8c7400450ea, f942a7de047d8c599cc1a9a26293c8c7400450ea, f942a7de047d8c599cc1a9a26293c8c7400450ea, f942a7de047d8c599cc1a9a26293c8c7400450ea, f942a7de047d8c599cc1a9a26293c8c7400450ea, f942a7de047d8c599cc1a9a26293c8c7400450eaunaffected
LinuxLinux3.6, 0, 4.9.336, 4.14.302, 4.19.269, 5.4.227, 5.10.159, 5.15.83, 6.0.13, 6.1affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.