CVE-2024-50021
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/10/2024
Last modified:
25/10/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins()

This patch addresses a reference count handling issue in the
ice_dpll_init_rclk_pins() function. The function calls ice_dpll_get_pins(),
which increments the reference count of the relevant resources. However,
if the condition WARN_ON((!vsi || !vsi->netdev)) is met, the function
currently returns an error without properly releasing the resources
acquired by ice_dpll_get_pins(), leading to a reference count leak.

To resolve this, the check has been moved to the top of the function. This
ensures that the function verifies the state before any resources are
acquired, avoiding the need for additional resource management in the
error path.

This bug was identified by an experimental static analysis tool developed
by our team. The tool specializes in analyzing reference count operations
and detecting potential issues where resources are not properly managed.
In this case, the tool flagged the missing release operation as a
potential problem, which led to the development of this patch.
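
The ordering problem in the description, reduced to a user-space C model. This is an added example, not the kernel patch or the ice driver's code; the struct and function names, the two-pin array and the `-EINVAL` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed user-space model; all names are hypothetical, not the ice driver's. */
struct pin { int refcount; };
struct vsi { void *netdev; };

/* Stand-in for the acquire step: takes one reference per pin. */
static void get_pins(struct pin *p, int n) { for (int i = 0; i < n; i++) p[i].refcount++; }
static void release_pins(struct pin *p, int n) { for (int i = 0; i < n; i++) p[i].refcount--; }

/* Before the fix: the state check runs after the references are taken. */
static int init_rclk_pins_before(struct pin *p, int n, struct vsi *vsi)
{
    get_pins(p, n);
    if (!vsi || !vsi->netdev)
        return -EINVAL;            /* early return, references never dropped */
    return 0;
}

/* After the fix: the check comes first, so the error path holds nothing. */
static int init_rclk_pins_after(struct pin *p, int n, struct vsi *vsi)
{
    if (!vsi || !vsi->netdev)
        return -EINVAL;
    get_pins(p, n);
    return 0;
}

/* Runs one init/teardown cycle the way a caller would and returns the
 * number of references still outstanding afterwards (0 means no leak). */
static int leaked_refs(int (*init)(struct pin *, int, struct vsi *), struct vsi *vsi)
{
    struct pin pins[2] = { {0}, {0} };

    if (init(pins, 2, vsi) == 0)
        release_pins(pins, 2);     /* teardown only happens after a successful init */
    return pins[0].refcount + pins[1].refcount;
}

int main(void)
{
    struct vsi no_netdev = { NULL };   /* constructed input that trips the check */

    printf("before fix: %d leaked\n", leaked_refs(init_rclk_pins_before, &no_netdev));
    printf("after fix:  %d leaked\n", leaked_refs(init_rclk_pins_after, &no_netdev));
    return 0;
}
```
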
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page



