CVE-2024-50020

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count()<br /> <br /> This patch addresses an issue with improper reference count handling in the<br /> ice_sriov_set_msix_vec_count() function.<br /> <br /> First, the function calls ice_get_vf_by_id(), which increments the<br /> reference count of the vf pointer. If the subsequent call to<br /> ice_get_vf_vsi() fails, the function currently returns an error without<br /> decrementing the reference count of the vf pointer, leading to a reference<br /> count leak. The correct behavior, as implemented in this patch, is to<br /> decrement the reference count using ice_put_vf(vf) before returning an<br /> error when vsi is NULL.<br /> <br /> Second, the function calls ice_sriov_get_irqs(), which sets<br /> vf-&gt;first_vector_idx. If this call returns a negative value, indicating an<br /> error, the function returns an error without decrementing the reference<br /> count of the vf pointer, resulting in another reference count leak. The<br /> patch addresses this by adding a call to ice_put_vf(vf) before returning<br /> an error when vf-&gt;first_vector_idx