CVE-2022-49438 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
Input: sparcspkr - fix refcount leak in bbc_beep_probe
of_find_node_by_path() calls of_find_node_opts_by_path(), which returns a node pointer with refcount incremented; we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.
Analysis
by VulDB Data Team • 03/18/2025
The vulnerability CVE-2022-49438 represents a reference count leak in the Linux kernel's sparcspkr driver, specifically within the bbc_beep_probe function. This issue affects systems utilizing the SPARC architecture and demonstrates a classic memory management flaw that can lead to resource exhaustion over time. The problem stems from improper handling of device tree node references during hardware probe operations, where the kernel fails to properly decrement reference counts on device tree nodes that have been acquired through specific lookup functions.
The flaw occurs when the sparcspkr driver calls of_find_node_by_path(), which internally invokes of_find_node_opts_by_path() to locate device tree nodes. These functions return node pointers with incremented reference counts to ensure proper resource management during node traversal. However, bbc_beep_probe never calls of_node_put() on the returned node pointer once the reference is no longer needed. The result is a reference count leak: the reference taken by the lookup is never dropped, so the device tree node resources are not released, leading to gradual memory consumption and potential system instability.
This vulnerability operates at the kernel level and presents a significant operational impact for systems running affected Linux kernels. The reference count leak accumulates over time through repeated probe operations, potentially leading to memory exhaustion that affects system performance and stability. While the immediate impact may not be catastrophic, sustained reference count leaks can cause progressive degradation of system resources, particularly in embedded systems or servers that continuously probe hardware components. The vulnerability affects systems using SPARC architecture and the specific sparcspkr driver implementation, making it relevant to enterprise server environments and embedded systems that rely on SPARC-based hardware.
The fix for CVE-2022-49438 involves adding the missing of_node_put() call in the bbc_beep_probe function to properly decrement the reference count on device tree nodes. This remediation aligns with standard kernel development practices for device tree node management and follows the established pattern of acquiring and releasing device tree node references. The solution directly addresses the root cause by ensuring proper reference counting semantics and preventing resource leaks that could impact system stability. This fix demonstrates the importance of proper resource management in kernel code and reinforces the principle that every node reference acquired through device tree lookup functions must have a corresponding release operation to maintain proper memory accounting. The vulnerability classification aligns with CWE-404, which addresses improper resource management, and could potentially be leveraged by attackers to perform resource exhaustion attacks, though the primary concern remains system stability rather than direct exploitation.
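The acquire/release pairing described above, as an added example that is not the driver's code or the upstream patch: a userspace C model in which of_find_node_by_path() and of_node_put() are simplified stand-ins for the kernel functions, and the node, its path and sample_prop are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Userspace stand-in for struct device_node (model only); fields hypothetical. */
struct device_node { const char *path; int refcount; unsigned int sample_prop; };
/* Constructed sample node; path and property value are made up. */
static struct device_node sample_node = { "/sample", 1, 42 };

/* Model of of_find_node_by_path(): a hit returns the node with refcount + 1. */
static struct device_node *of_find_node_by_path(const char *path)
{
    if (strcmp(path, sample_node.path) != 0) return NULL;
    sample_node.refcount++;
    return &sample_node;
}

/* Model of of_node_put(): drops one reference; NULL is tolerated. */
static void of_node_put(struct device_node *np) { if (np) np->refcount--; }

/* Leaky pattern: every return path after the lookup keeps the reference. */
static int probe_leaky(void)
{
    struct device_node *dp = of_find_node_by_path("/sample");
    if (!dp) return -1;
    return dp->sample_prop ? 0 : -1;
}

/* Fixed pattern: copy the value out, then put the node before returning. */
static int probe_fixed(void)
{
    struct device_node *dp = of_find_node_by_path("/sample");
    if (!dp) return -1;
    unsigned int val = dp->sample_prop;
    of_node_put(dp);
    return val ? 0 : -1;
}

/* Run a probe n times and return how many references it left behind. */
static int leaked_refs(int (*probe)(void), int n)
{
    int before = sample_node.refcount;
    for (int i = 0; i < n; i++) probe();
    return sample_node.refcount - before;
}

int main(void)
{
    printf("leaky: %d, fixed: %d\n", leaked_refs(probe_leaky, 5), leaked_refs(probe_fixed, 5));
    return 0;
}
```

Each leaky probe leaves one reference behind, while the fixed probe returns the count to its starting value on every call.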
The operational impact of this vulnerability extends beyond simple memory consumption, as reference count leaks can trigger cascading effects in kernel memory management subsystems. The issue particularly affects systems where the sparcspkr driver is frequently invoked during system initialization or hardware hot-plugging operations. Proper implementation of the fix ensures that device tree node references are properly managed throughout the driver's lifecycle, preventing potential denial of service conditions and maintaining optimal system resource utilization. This vulnerability highlights the critical importance of device tree node reference counting in kernel drivers and underscores the need for comprehensive testing of resource management patterns in kernel code. The remediation process requires careful code review and testing to ensure that all device tree node acquisitions are properly paired with corresponding release operations, aligning with best practices recommended in kernel security guidelines and the ATT&CK framework's system hardening principles.