CVE-2022-49415 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe

of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.


Analysis

by VulDB Data Team • 02/16/2026

The vulnerability identified as CVE-2022-49415 represents a memory management issue within the Linux kernel's IPMI subsystem, specifically affecting the ipmb (IPMI Management Bus) driver component. This flaw manifests as a reference count leak that occurs during device probe operations, a classic example of improper resource handling that can lead to system instability and potential denial of service conditions. The issue resides in how the driver handles device tree node references during hardware initialization: it acquires a reference through the kernel's device tree parsing functions and never releases it, creating a gradual memory consumption problem that can accumulate over time.

The technical root cause of this vulnerability stems from the improper handling of device tree node references within the ipmi_ipmb_probe function. When the of_parse_phandle() function is invoked to parse device tree properties, it returns a node pointer with an incremented reference count to ensure the node remains valid during the parsing operation. However, the code fails to invoke the corresponding of_node_put() function to decrement this reference count when the node pointer is no longer needed. This pattern violates fundamental resource management principles and creates a memory leak scenario where each successful probe operation leaves behind an unreleased reference, leading to progressive memory consumption within the kernel's device tree subsystem.

From an operational impact perspective, this vulnerability creates a subtle but significant risk to system stability and resource management. While individual reference count leaks may appear negligible, their cumulative effect over extended system uptime can lead to memory exhaustion conditions, particularly in embedded systems or environments with frequent device initialization cycles. The vulnerability affects systems utilizing IPMI hardware management capabilities, potentially impacting data center infrastructure, server management, and embedded systems that rely on IPMI for out-of-band management functions. The leak is particularly concerning because it operates at the kernel level where resource exhaustion can lead to system crashes, degraded performance, or complete system lockups, especially under high load conditions.

The mitigation strategy for this vulnerability requires implementing the missing of_node_put() call in the ipmi_ipmb_probe function to properly release the device tree node reference. This remediation follows established kernel development practices and aligns with the Linux kernel's resource management guidelines, ensuring that all acquired references are properly released. The fix represents a straightforward code correction that addresses the specific resource management flaw without altering the functional behavior of the IPMI subsystem. System administrators should prioritize applying this patch to all affected systems, particularly those running embedded Linux distributions or server environments where IPMI management is actively utilized, as the vulnerability can contribute to long-term system instability and resource degradation.
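The leak and its fix can be reproduced in a small userspace model. This is an added example, not the kernel's code or the actual patch: `model_parse_phandle()` and `model_node_put()` are hypothetical stand-ins for `of_parse_phandle()` and `of_node_put()`, and the node is constructed.

```c
#include <stdio.h>

/* Userspace model, not kernel code: struct node stands in for struct device_node. */
struct node { int refcount; int released; };

/* Models of_parse_phandle(): hands back the node with its refcount incremented. */
static struct node *model_parse_phandle(struct node *target)
{
    if (target) target->refcount++;
    return target;
}

/* Models of_node_put(): drops one reference; the node is released at zero. */
static void model_node_put(struct node *n)
{
    if (n && --n->refcount == 0)
        n->released = 1;
}

/* "Before" shape: the reference taken during probe is never dropped. */
static int probe_leaky(struct node *phandle_target)
{
    struct node *np = model_parse_phandle(phandle_target);
    return np ? 0 : -1;   /* np goes out of scope with its reference still held */
}

/* "After" shape: put the node once the pointer is no longer needed. */
static int probe_fixed(struct node *phandle_target)
{
    struct node *np = model_parse_phandle(phandle_target);
    if (!np) return -1;
    model_node_put(np);
    return 0;
}

/* Probe n times, then drop the owner's reference and return the final state. */
static struct node run_probes(int (*probe)(struct node *), int n)
{
    struct node target = { 1, 0 };  /* constructed node; the owner holds one ref */
    for (int i = 0; i < n; i++) probe(&target);
    model_node_put(&target);
    return target;
}

int main(void)
{
    struct node a = run_probes(probe_leaky, 100), b = run_probes(probe_fixed, 100);
    printf("leaky: %d refs, released=%d; fixed: %d refs, released=%d\n", a.refcount, a.released, b.refcount, b.released);
    return 0;
}
```

In the model, the leaky variant leaves one stray reference per probe, so the node can never be released even after its owner lets go; the fixed variant returns the count to zero.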

This vulnerability maps to CWE-404, which describes improper resource management, specifically focusing on improper handling of reference counting mechanisms in kernel space operations. The issue also relates to the ATT&CK technique T1499.004, which involves resource exhaustion through improper use of system resources, potentially leading to denial of service conditions. The vulnerability demonstrates how seemingly minor code omissions in kernel subsystems can create significant security implications, highlighting the critical importance of proper resource management in operating system components that operate with elevated privileges and handle critical system functions.

Responsible

Linux

Reservation

02/26/2025

Disclosure

02/26/2025

Moderation

accepted

CPE

ready

EPSS

0.00204

KEV

no

Activities

very low
