CVE-2022-49397 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom-qmp: fix struct clk leak on probe errors
Make sure to release the pipe clock reference in case of a late probe error (e.g. probe deferral).
Analysis
by VulDB Data Team • 02/16/2026
The vulnerability identified as CVE-2022-49397 represents a critical resource management flaw within the Linux kernel's phy subsystem, specifically affecting the qcom-qmp driver implementation. This issue manifests as a memory leak condition that occurs during the device probe phase of kernel initialization, where the system fails to properly release allocated resources when probe operations encounter errors. The qcom-qmp driver is responsible for managing Qualcomm QMP (Qualcomm Multi-Protocol) physical layer interfaces commonly found in mobile and embedded systems, making this vulnerability particularly significant for devices relying on Qualcomm hardware components. The flaw specifically impacts the clock management subsystem where the driver attempts to acquire and reference pipe clocks during device initialization but does not properly clean up these references when probe operations fail.
The technical root cause of this vulnerability stems from improper error handling within the driver's probe function, where the system allocates clock references but fails to release them when subsequent probe operations encounter failures. This constitutes a classic resource leak pattern that can occur when the kernel's device model encounters probe deferral scenarios or other error conditions during the device initialization process. The struct clk leak represents a failure in the kernel's resource management protocol where allocated clock objects remain in memory even after the probe operation has terminated unsuccessfully. This behavior directly violates standard kernel programming practices and can lead to progressive memory consumption that eventually impacts system stability and performance. The vulnerability is particularly concerning because it occurs during the early boot phase when the kernel is establishing hardware interfaces, meaning it can affect the entire system initialization process.
The operational impact of this vulnerability extends beyond simple memory consumption to potentially compromise system reliability and resource availability. When multiple devices or drivers encounter this issue during boot sequences, the cumulative effect of unreleased clock references can lead to memory exhaustion conditions that may prevent proper system initialization or cause unexpected system behavior. The leak becomes more pronounced in systems with multiple QMP interfaces or in environments where device probe operations frequently encounter deferral conditions. This type of resource leak can also interact with other kernel subsystems and may contribute to broader system instability, particularly in embedded systems with limited memory resources. The vulnerability essentially creates a persistent memory footprint that grows over time as the system encounters various probe scenarios, potentially leading to denial of service conditions or system crashes during critical boot phases.
Mitigation strategies for CVE-2022-49397 involve ensuring that all clock references are properly released during error conditions within the qcom-qmp driver implementation. System administrators should prioritize applying kernel updates that contain the specific fix for this resource leak, which typically involves modifying the driver's probe function to include proper cleanup routines that release clock references regardless of whether the probe operation succeeds or fails. The fix implements proper error handling paths that ensure clock objects are freed when probe deferral or other error conditions occur, aligning with established kernel development practices for resource management. Organizations should also implement monitoring for memory consumption patterns during boot processes to detect potential resource leak conditions, particularly in embedded systems where such issues can have more severe consequences. This vulnerability aligns with CWE-404, which addresses improper resource release or unmanaged resource consumption, and can be classified under ATT&CK technique T1490, representing resource exhaustion attacks that leverage improper resource management in system components.
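An added example, not the kernel driver's code or the upstream patch: a user-space C model of the leak pattern described above, next to an error path that releases the reference. `mock_clk`, `mock_clk_get`, `mock_clk_put`, `late_step`, `refs_after_boot` and both probe functions are hypothetical stand-ins for the kernel clk API and the driver's probe routine.

```c
#include <stdio.h>

#define EPROBE_DEFER 517 /* kernel-internal errno, absent from userspace headers */

/* Constructed stand-in for struct clk: tracks outstanding references only. */
struct mock_clk { int refs; };
static struct mock_clk pipe_clk;
static struct mock_clk *mock_clk_get(void) { pipe_clk.refs++; return &pipe_clk; }
static void mock_clk_put(struct mock_clk *clk) { if (clk) clk->refs--; }

/* Hypothetical late probe step that defers until its dependency is ready. */
static int late_step(int dep_ready) { return dep_ready ? 0 : -EPROBE_DEFER; }

/* Before: the late error return skips the put, so each failed probe leaks a ref. */
static int probe_leaky(int dep_ready)
{
    struct mock_clk *clk = mock_clk_get();
    int ret = late_step(dep_ready);
    if (ret)
        return ret; /* clk is never released on this path */
    (void)clk;      /* on success the bound device keeps its single reference */
    return 0;
}

/* After: every error following the get unwinds through the put. */
static int probe_fixed(int dep_ready)
{
    struct mock_clk *clk = mock_clk_get();
    int ret = late_step(dep_ready);
    if (ret)
        goto err_put_clk;
    return 0;
err_put_clk:
    mock_clk_put(clk);
    return ret;
}

/* Run `deferrals` failed probes, then one success; return references still held. */
static int refs_after_boot(int (*probe)(int), int deferrals)
{
    pipe_clk.refs = 0;
    for (int i = 0; i < deferrals; i++)
        probe(0);
    probe(1);
    return pipe_clk.refs;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", refs_after_boot(probe_leaky, 3), refs_after_boot(probe_fixed, 3));
    return 0;
}
```

In this model each deferred probe attempt adds one stranded reference in the leaky version, while the fixed version holds exactly one reference once the probe succeeds.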