CVE-2022-49437 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
powerpc/xive: Fix refcount leak in xive_spapr_init
of_find_compatible_node() returns a node pointer with refcount incremented; we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.
Analysis
by VulDB Data Team • 11/12/2025
CVE-2022-49437 is a reference-counting bug in the Linux kernel's PowerPC support for XIVE, the eXternal Interrupt Virtualization Engine introduced with POWER9 processors. The flaw sits in xive_spapr_init(), the boot-time initialization routine for the sPAPR (pseries) XIVE backend used by PowerVM partitions and KVM guests, where the kernel takes a reference on a device tree node while locating the interrupt controller and never releases it. The function runs once, during platform setup, not repeatedly over the life of the system.
The root cause is a violation of the device tree API's ownership contract. of_find_compatible_node() returns a pointer to the matching struct device_node with its reference count already incremented, so the caller owns that reference and must release it with of_node_put() once it no longer needs the node. xive_spapr_init() never made that call, so the reference taken during the lookup was simply dropped. Because the function runs only at boot, the result is a single unreleased reference per boot rather than a growing pool of them; it does not accumulate with uptime. The only consequence of a leaked device_node reference is that the node's memory could never be freed if the node were later detached from the live tree, which for a platform node that persists for the life of the system has no observable effect.
The operational impact is therefore small. No memory is consumed at runtime beyond the one reference held from boot, nothing about the leak is reachable from user space or the network, and an unprivileged user cannot trigger it again. Affected systems are PowerPC pseries guests running a kernel with the sPAPR XIVE backend, typically IBM Power Systems logical partitions under PowerVM or KVM guests on POWER9 and later hardware. Long-running servers are not at special risk: the reference is taken once at boot and the count does not grow afterwards, so the gradual memory growth, performance degradation or instability that a runtime leak would cause does not arise here.
The issue is classified as CWE-404 (Improper Resource Shutdown or Release), the weakness class for resources that are acquired and never released. From an attack perspective there is no direct exploitation path: the bug does not corrupt memory, does not free the node early (a leaked reference keeps the object alive rather than destroying it, so it cannot produce a use-after-free) and exposes no data. It is mapped to ATT&CK technique T1499.001 (Endpoint Denial of Service: OS Exhaustion Flood) as a resource-exhaustion vector, but since the leak occurs once per boot and is not attacker-controlled, that mapping describes the bug class rather than a realistic attack on this function.
The fix adds the missing of_node_put() call so that the reference taken by of_find_compatible_node() is released once xive_spapr_init() has finished with the node, restoring the invariant that every reference taken has a matching release on every path out of the function. The change is small and local to the initialization routine: it alters no interrupt handling behaviour and introduces no new failure modes. Administrators of affected pseries guests should take the fix through their distribution's regular kernel updates; there is no configuration workaround, and given that the leak is a single boot-time reference with no attacker-triggerable path, none is needed.
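The ownership contract described above, reduced to a user-space C model that compiles and runs without a kernel build. This is an added illustration, not code from the kernel or from the CVE fix: struct dt_node, dt_find_compatible() and dt_put() stand in for struct device_node, of_find_compatible_node() and of_node_put(); the two injected failure flags stand in for the later probing steps in xive_spapr_init() that can return early; the "device tree" is constructed inline; and the goto-cleanup layout of the fixed variant is the conventional kernel idiom for this class of bug, not a transcription of the actual patch.

```c
/* Added example: user-space model of the device-tree refcount contract behind
 * CVE-2022-49437. Not kernel code. struct dt_node, dt_find_compatible() and
 * dt_put() stand in for struct device_node, of_find_compatible_node() and
 * of_node_put(); the failure flags model probing steps that can fail. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct dt_node {
    const char *compatible;
    int refcount;   /* kernel: the kobject refcount inside struct device_node */
};

/* Constructed, static "device tree": each node is owned once by the tree. */
static struct dt_node g_ivpe  = { "example,interrupt-controller", 1 };
static struct dt_node g_other = { "example,other-device", 1 };
static struct dt_node *g_tree[] = { &g_other, &g_ivpe };

/* Model of of_find_compatible_node(): on a match the node is returned with its
 * refcount incremented, so the caller owns one reference and must dt_put() it. */
static struct dt_node *dt_find_compatible(const char *compat)
{
    for (size_t i = 0; i < sizeof g_tree / sizeof g_tree[0]; i++) {
        if (strcmp(g_tree[i]->compatible, compat) == 0) {
            g_tree[i]->refcount++;
            return g_tree[i];
        }
    }
    return NULL;
}

/* Model of of_node_put(): release one reference; NULL is tolerated as in the kernel. */
static void dt_put(struct dt_node *np)
{
    if (np)
        np->refcount--;
}

/* Failure injection for the probing steps that follow the lookup. */
static bool g_tima_resource_ok;
static bool g_max_prio_ok;

/* Before the fix: every path out of the function drops np without dt_put(). */
bool xive_init_leaky(void)
{
    struct dt_node *np = dt_find_compatible("example,interrupt-controller");

    if (!np)
        return false;           /* lookup failed: nothing was taken */
    if (!g_tima_resource_ok)
        return false;           /* leaks the reference */
    if (!g_max_prio_ok)
        return false;           /* leaks the reference */
    return true;                /* success path also leaks it */
}

/* After the fix: one cleanup label so every exit releases the reference exactly once. */
bool xive_init_fixed(void)
{
    struct dt_node *np = dt_find_compatible("example,interrupt-controller");
    bool ok = false;

    if (!np)
        return false;           /* nothing to put: the lookup took no reference */
    if (!g_tima_resource_ok)
        goto out_put;
    if (!g_max_prio_ok)
        goto out_put;
    ok = true;
out_put:
    dt_put(np);
    return ok;
}

/* Simulate one boot: reset the tree, inject the chosen failures, run the init
 * routine and report the node's refcount afterwards (1 means no leak). */
int refcount_after(bool (*init)(void), bool tima_ok, bool prio_ok)
{
    g_ivpe.refcount = 1;
    g_tima_resource_ok = tima_ok;
    g_max_prio_ok = prio_ok;
    init();
    return g_ivpe.refcount;
}

int main(void)
{
    printf("leaky, success path : refcount %d\n", refcount_after(xive_init_leaky, true, true));
    printf("leaky, early failure: refcount %d\n", refcount_after(xive_init_leaky, false, true));
    printf("fixed, success path : refcount %d\n", refcount_after(xive_init_fixed, true, true));
    printf("fixed, late failure : refcount %d\n", refcount_after(xive_init_fixed, true, false));
    return 0;
}
```

Build with `cc -Wall` and run: each line shows the node's refcount after one simulated boot. The leaky variant leaves it at 2 on every path that found the node, whether the init succeeded or bailed out early; the fixed variant returns it to 1 on all of them. The pattern generalises beyond this CVE: any of_find_*() or of_get_*() call that returns a node with a reference owes a matching of_node_put() on every path out of the function, and a single cleanup label after the last use of the node is the simplest way to make that hold as error checks are added later.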