CVE-2022-49367 in Linuxinfo

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register

of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when done.

mv88e6xxx_mdio_register() pass the device node to of_mdiobus_register(). We don't need the device node after it.

Add missing of_node_put() to avoid refcount leak.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 04/17/2025

The vulnerability CVE-2022-49367 represents a memory management issue within the Linux kernel's DSA (Distributed Switch Architecture) subsystem, specifically affecting the mv88e6xxx switch driver implementation. This flaw resides in the network device driver layer where improper reference counting leads to resource leakage. The vulnerability manifests when processing MDIO (Media Independent Interface) bus registration for Marvell 88E6xxx series switches, which are commonly used in network infrastructure equipment and embedded systems. The issue directly impacts the kernel's ability to properly manage device node references during driver initialization and configuration phases.

The technical root cause stems from a missing reference count decrement operation in the mv88e6xxx_mdios_register function. When the function calls of_get_child_by_name() to retrieve a device node pointer, this operation increments the reference count of the node. However, the subsequent code path fails to properly release this reference using of_node_put() before the function returns. The of_get_child_by_name() function is part of the device tree parsing subsystem and is designed to return a node pointer with an incremented reference count to ensure the node remains valid during use. This pattern is standard across Linux kernel device tree operations and is governed by the kernel's device tree reference counting mechanisms.

The operational impact of this vulnerability extends beyond simple memory consumption issues. While the immediate effect appears as a reference count leak, such memory management flaws can accumulate over time and potentially lead to resource exhaustion in systems running extended periods or handling high network traffic loads. The leak specifically affects systems utilizing Marvell 88E6xxx switch chips in network switching applications, including enterprise routers, network appliances, and embedded devices. The vulnerability is particularly concerning in environments where multiple switch configurations are processed or where driver reloads occur frequently, as each occurrence of the leak compounds the resource consumption. From a security perspective, while this vulnerability does not directly enable privilege escalation or arbitrary code execution, it represents a potential denial of service vector that could degrade system performance or availability.

The fix for CVE-2022-49367 involves adding a single of_node_put() call at the appropriate point in the function's execution flow, ensuring that the reference count is properly decremented when the device node pointer is no longer needed. This remediation aligns with established kernel development practices and follows the device tree reference counting patterns defined in the Linux kernel documentation. The solution demonstrates adherence to CWE-404, which addresses improper resource management through inadequate reference counting, and follows the ATT&CK framework's resource exhaustion techniques by preventing improper reference handling. This vulnerability highlights the importance of proper resource management in kernel space drivers, particularly when dealing with device tree node references, and underscores the need for comprehensive code reviews focusing on reference counting patterns in kernel subsystems. The fix ensures that all device tree node references are properly released, maintaining system stability and preventing potential resource exhaustion scenarios that could impact network device functionality and overall system reliability.

Responsible

Linux

Reservation

02/26/2025

Disclosure

02/26/2025

Moderation

accepted

CPE

ready

EPSS

0.00253

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!