CVE-2022-49244 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe
The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done.
This function only calls of_node_put() in the regular path. And it will cause refcount leak in error paths. Fix this by calling of_node_put() in error handling too.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 02/16/2026
This vulnerability exists in the Linux kernel's sound subsystem specifically within the MediaTek mt8192-mt6359 audio driver component. The issue manifests as a reference count leak in the device tree node handling mechanism, which represents a memory management flaw that can lead to resource exhaustion over time. The vulnerability affects systems using MediaTek SoCs with the mt8192 and mt6359 audio components, particularly those running Linux kernel versions prior to the fix. The problem occurs during device probe operations when the driver attempts to parse device tree properties to establish audio hardware connections.
The technical flaw stems from improper handling of device tree node references obtained through the of_parse_phandle() function. This kernel API returns a device_node pointer with an incremented reference count, requiring explicit cleanup through of_node_put() when the reference is no longer needed. The driver implementation correctly calls of_node_put() in normal execution paths but fails to perform this cleanup operation in error handling scenarios. This oversight creates a reference count leak where device tree nodes remain allocated in memory even when the driver fails to initialize properly, leading to gradual resource depletion.
The operational impact of this vulnerability extends beyond simple memory leaks to potentially compromise system stability and performance in embedded devices and mobile platforms. When multiple audio driver initialization attempts fail, each failure contributes to growing memory pressure that can eventually impact system responsiveness or even cause kernel oops conditions. The vulnerability is particularly concerning in resource-constrained environments such as smartphones, tablets, and IoT devices where memory management is critical. From a cybersecurity perspective, this represents a denial-of-service vulnerability that could be exploited by malicious actors to degrade system performance or trigger crashes.
The fix implements proper error handling by ensuring that of_node_put() is called regardless of whether the driver initialization succeeds or fails. This follows established kernel development practices and aligns with the principle of resource cleanup in all execution paths. The solution addresses the root cause by modifying the driver's error handling code to release the device tree node reference in all scenarios, preventing the accumulation of leaked references. This remediation technique demonstrates proper defensive programming practices and aligns with common security engineering principles that emphasize resource management in kernel code. The fix is minimal and surgical, addressing only the specific reference counting issue without altering core driver functionality, making it suitable for inclusion in stable kernel releases.
This vulnerability type falls under CWE-404, which specifically addresses improper resource management, and can be categorized under ATT&CK technique T1499.004 for resource exhaustion. The issue highlights the importance of proper reference counting in kernel drivers, particularly when dealing with device tree parsing operations. The fix demonstrates the critical need for comprehensive error handling in kernel code, where all resource acquisition must have corresponding release operations in both success and failure paths. This vulnerability underscores the broader challenge of maintaining memory safety in kernel space where resource leaks can have cascading effects on system stability and security posture.