CVE-2022-49396 in Linuxinfo

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

phy: qcom-qmp: fix reset-controller leak on probe errors

Make sure to release the lane reset controller in case of a late probe error (e.g. probe deferral).

Note that due to the reset controller being defined in devicetree in "lane" child nodes, devm_reset_control_get_exclusive() cannot be used directly.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 02/16/2026

The vulnerability CVE-2022-49396 addresses a memory leak issue within the Qualcomm QMP (Qualcomm Multi-Purpose) PHY driver in the Linux kernel. This flaw specifically affects the reset controller management during device probe operations, creating a resource leak that can persist even when probe operations fail. The issue occurs in the phy-qcom-qmp driver which manages USB and DisplayPort PHY controllers on Qualcomm SoCs, making it particularly relevant for mobile devices and embedded systems running Linux kernels. The vulnerability represents a failure in proper resource cleanup during error conditions, which can lead to system instability and resource exhaustion over time.

The technical flaw manifests when the driver attempts to initialize reset controllers for lane child nodes defined in the device tree configuration. During normal operation, the driver should acquire reset controllers using devm_reset_control_get_exclusive() for automatic cleanup, but due to the specific device tree structure where reset controllers are defined in "lane" child nodes, this direct approach is not feasible. When probe operations encounter errors such as probe deferral conditions, the driver fails to properly release the acquired reset controller resources, resulting in a memory leak that consumes kernel resources unnecessarily.

The operational impact of this vulnerability extends beyond simple resource consumption, as it can lead to system performance degradation and potential system instability. In embedded systems with limited memory resources, such as mobile devices or IoT platforms, this leak can accumulate over time and eventually cause system crashes or unexpected behavior. The vulnerability particularly affects systems using Qualcomm Snapdragon processors where the qcom-qmp PHY driver is actively employed for USB and display port functionality. From an attacker perspective, this represents a denial-of-service vector that can be exploited to consume system resources and potentially cause system unresponsiveness.

The fix implemented in this vulnerability resolution ensures that reset controllers are properly released even when probe operations fail, addressing the resource leak through careful error handling and cleanup procedures. This aligns with the common weakness pattern described in CWE-404, which deals with improper resource release or unmanaged resource consumption. The mitigation strategy follows established kernel development practices for proper error handling and resource management, ensuring that all acquired resources are properly freed regardless of the execution path taken during device probe operations. The solution demonstrates adherence to the principle of defensive programming and proper resource lifecycle management that is fundamental to kernel security and system reliability. The fix specifically addresses the unique device tree configuration challenge where traditional resource management approaches cannot be directly applied, requiring specialized handling for child node reset controller management. This vulnerability highlights the importance of comprehensive error handling in kernel drivers and the need for careful resource management even in seemingly simple device initialization scenarios.

Responsible

Linux

Reservation

02/26/2025

Disclosure

02/26/2025

Moderation

accepted

CPE

ready

EPSS

0.00247

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!