CVE-2022-49243 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
This node pointer is returned by of_parse_phandle() with refcount incremented in this function. Calling of_node_put() to avoid the refcount leak.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 10/21/2025
The vulnerability identified as CVE-2022-49243 represents a memory management issue within the Linux kernel's sound subsystem, specifically affecting the Atmel audio driver implementation. This flaw manifests in the at91sam9g20ek_audio_probe function where improper handling of device tree node references leads to resource leakage. The issue occurs within the Advanced Sound Architecture (ASoC) framework that manages audio hardware components in embedded systems. The root cause stems from the kernel's device tree parsing mechanisms where the of_parse_phandle() function returns a node pointer with an incremented reference count, indicating that the caller must properly release the reference to prevent memory leaks. This particular vulnerability affects systems utilizing Atmel's SAM9G20 processor family in audio configurations, potentially impacting embedded devices that rely on proper resource management for sustained operation.
The technical flaw involves a classic reference counting error where the of_node_put() function call is omitted after acquiring a device tree node reference through of_parse_phandle(). This function is responsible for decrementing the reference count of a device tree node, and its absence creates a memory leak condition where the node remains allocated in memory even after the probe function completes. The vulnerability specifically targets the at91sam9g20ek_audio_probe function within the Atmel audio driver implementation, which is part of the broader ASoC subsystem that handles audio codec drivers and machine drivers for various audio hardware platforms. The missing cleanup operation creates a resource leak that accumulates over time, potentially leading to system instability or reduced performance in long-running embedded systems.
The operational impact of this vulnerability extends beyond simple memory consumption issues, as it represents a fundamental flaw in resource management that can degrade system performance over time. In embedded systems where memory is constrained, this leak could eventually lead to system crashes or audio subsystem failures, particularly in devices that undergo frequent audio configuration changes or those that maintain persistent audio connections. The vulnerability affects systems running Linux kernels that include the affected Atmel audio driver code, potentially impacting a wide range of embedded devices including industrial automation systems, embedded multimedia players, and various IoT devices that utilize Atmel's SAM9G20 processor architecture. This type of resource leak is particularly concerning in real-time embedded systems where predictable resource usage is critical for maintaining system reliability and performance.
Mitigation strategies for CVE-2022-49243 involve applying the official kernel patch that correctly implements the of_node_put() function call after acquiring device tree node references. System administrators and device manufacturers should prioritize updating to kernel versions that include this fix, typically those released after the vulnerability disclosure date. The patch ensures proper reference counting by adding the missing of_node_put() call, thereby preventing the accumulation of unreleased device tree node references. Additionally, implementing regular system monitoring for memory usage patterns can help detect potential resource leaks before they cause system instability. Organizations should also consider conducting vulnerability assessments of their embedded systems to identify other potential instances of similar reference counting errors within their custom kernel modifications or third-party drivers. This vulnerability aligns with CWE-404, which categorizes improper resource release or unbalanced resource management, and could potentially be exploited through resource exhaustion attacks that leverage the cumulative memory leak to degrade system performance or availability.