CVE-2022-49239 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data
The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done. This is similar to commit 64b92de9603f ("ASoC: wcd9335: fix a leaked reference by adding missing of_node_put")
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 03/19/2025
The vulnerability CVE-2022-49239 represents a memory leak issue within the Linux kernel's audio subsystem, specifically affecting the wcd934x codec driver. This flaw manifests in the wcd934x_codec_parse_data function where proper reference counting management is absent. The issue stems from the improper handling of device tree node references during codec initialization, creating a potential for resource exhaustion and system instability. The vulnerability affects systems utilizing the Qualcomm WCD934x audio codec drivers within embedded Linux environments, particularly those implementing advanced audio processing capabilities for mobile devices and IoT platforms.
The technical root cause involves the incorrect management of device tree node references through the of_parse_phandle() function which increments the reference count of device_node pointers. When this function is called within the wcd934x_codec_parse_data routine, it returns a device_node pointer with an incremented reference count that must be properly released using of_node_put(). The absence of this cleanup operation results in a reference leak where the kernel maintains unnecessary references to device tree nodes. This pattern mirrors a previously identified vulnerability in the wcd9335 codec driver, indicating a consistent code pattern error that was subsequently corrected in commit 64b92de9603f. The flaw aligns with CWE-404, specifically "Improper Resource Shutdown or Release," and demonstrates poor memory management practices in kernel space.
The operational impact of this vulnerability extends beyond simple memory consumption, potentially leading to system instability and performance degradation in embedded audio systems. While the immediate effect may appear as a minor resource leak, sustained exploitation could result in progressive memory exhaustion, particularly in systems with frequent codec initialization cycles. The vulnerability affects devices implementing the wcd934x audio codec architecture, which are commonly found in smartphones, tablets, and other mobile devices requiring advanced audio processing capabilities. This issue represents a significant concern for manufacturers maintaining long-term support for embedded systems, as the leak could compound over time and affect system reliability. The vulnerability also aligns with ATT&CK technique T1070.004, "File Deletion," in scenarios where memory exhaustion leads to system instability and potential service disruption, though the primary impact remains resource management rather than direct data manipulation.
Mitigation strategies for CVE-2022-49239 require kernel-level patches addressing the missing of_node_put() calls in the affected codec driver. System administrators should prioritize updating kernel versions to include the corrected implementation, typically found in kernel releases following version 5.19. The fix involves adding appropriate of_node_put() calls after each of_parse_phandle() invocation, ensuring proper reference count management. Organizations should conduct comprehensive testing of audio subsystem functionality following patch application to verify no regressions occur in codec initialization or audio processing capabilities. Additionally, monitoring systems for memory usage patterns can help detect potential exploitation scenarios, though the vulnerability itself does not represent an active attack vector but rather a latent resource management issue requiring kernel-level remediation. The fix demonstrates the importance of consistent kernel coding practices and proper reference counting in embedded system drivers, particularly those managing hardware interfaces through device tree specifications.