CVE-2022-49477 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

ASoC: samsung: Fix refcount leak in aries_audio_probe

of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. If extcon_find_edev_by_node() fails, it doesn't call of_node_put(). Calling of_node_put() after extcon_find_edev_by_node() fixes this.


Analysis

by VulDB Data Team • 02/26/2025

The vulnerability CVE-2022-49477 represents a reference count leak in the Linux kernel's sound subsystem, specifically within the Samsung ASoC (Audio System on Chip) driver implementation. This issue occurs in the aries_audio_probe function where improper handling of device tree node references leads to memory resource exhaustion over time. The problem manifests when the kernel attempts to parse device tree properties using of_parse_phandle() which increments the reference count of the returned node pointer. When subsequent operations fail or return early, the kernel fails to properly decrement this reference count through the of_node_put() function, creating a memory leak that can accumulate and eventually impact system stability.

The technical flaw stems from a missing cleanup operation in the error handling path of the audio driver probe function. The of_parse_phandle() function is designed to return a node pointer with an incremented reference count to prevent premature deallocation, which is a standard practice in Linux kernel device tree parsing operations. However, when extcon_find_edev_by_node() fails to locate an appropriate external connector device, the code path does not execute the required of_node_put() call to release the reference. This violates fundamental kernel memory management principles and creates a resource leak that persists across multiple device probe operations. The vulnerability is classified as a reference counting error that can be categorized under CWE-404, which deals with improper resource management, and more specifically under CWE-772, concerning missing release of resource after effective lifetime.

The operational impact of this vulnerability extends beyond simple memory consumption issues to potentially destabilize systems running on Samsung audio hardware platforms. As the reference count leak accumulates over time, it can lead to gradual memory fragmentation and eventual resource exhaustion, particularly in embedded systems with limited memory budgets. The issue affects devices that utilize the Samsung ASoC audio subsystem, which is commonly found in mobile devices, tablets, and embedded systems where audio processing is handled through specialized hardware components. When this vulnerability is exploited through repeated device probe operations or system reboots, it can cause system performance degradation, unexpected device behavior, or even complete system crashes due to memory exhaustion. The vulnerability affects the broader Linux kernel ecosystem as it demonstrates a pattern of improper resource management that could potentially exist in other similar drivers.

Mitigation strategies for CVE-2022-49477 focus on implementing proper reference count management in the affected kernel code. The fix involves ensuring that of_node_put() is called after extcon_find_edev_by_node() regardless of whether the operation succeeds or fails, thereby guaranteeing that all device tree node references are properly released. This approach aligns with the ATT&CK framework's defense evasion techniques by preventing resource exhaustion attacks that could be leveraged to disrupt system operations. System administrators should prioritize applying kernel updates that contain the patched code, particularly in production environments where audio subsystem stability is critical. Additionally, monitoring for memory consumption patterns and implementing proper logging of device probe operations can help detect potential exploitation attempts. The fix demonstrates the importance of comprehensive error handling in kernel code, where all paths through a function must account for proper resource cleanup, a principle that is fundamental to maintaining system reliability and security in the Linux kernel ecosystem.
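To make the leak described in the analysis and the fix described in the mitigation paragraph concrete, here is an added, constructed C model; it is not the kernel's code. of_parse_phandle_sim(), of_node_put_sim() and extcon_find_edev_by_node_sim() are stand-ins that only track the node's reference count, and leaked_refs() reports how many references are left over after repeated probe attempts.

```c
/* Constructed model of the bug, not kernel code; only the refcount is modelled. */
struct device_node { int refcount; };

/* Simulated of_parse_phandle(): like the real helper, returns the node with
 * its refcount already incremented, so the caller owns one reference. */
static struct device_node *of_parse_phandle_sim(struct device_node *np)
{
    np->refcount++;
    return np;
}

/* Simulated of_node_put(): release the reference the caller holds. */
static void of_node_put_sim(struct device_node *np) { np->refcount--; }

/* Simulated extcon_find_edev_by_node(): 'found' selects success (0) or
 * failure (-1) of the extcon lookup; the node itself is irrelevant here. */
static int extcon_find_edev_by_node_sim(int found) { return found ? 0 : -1; }

/* Pre-fix probe path: on lookup failure it returns early and the reference
 * taken by of_parse_phandle() is never dropped. */
int aries_probe_leaky(struct device_node *extcon_np, int found)
{
    struct device_node *np = of_parse_phandle_sim(extcon_np);
    int ret = extcon_find_edev_by_node_sim(found);
    if (ret)
        return ret;           /* BUG: missing of_node_put() */
    of_node_put_sim(np);
    return 0;
}

/* Fixed probe path: of_node_put() runs right after the lookup on both the
 * success and the failure path, so the refcount always balances. */
int aries_probe_fixed(struct device_node *extcon_np, int found)
{
    struct device_node *np = of_parse_phandle_sim(extcon_np);
    int ret = extcon_find_edev_by_node_sim(found);
    of_node_put_sim(np);
    return ret;
}

/* Run 'probes' probe attempts with the given lookup outcome and return how
 * many node references were leaked (0 means the refcount balanced). */
int leaked_refs(int (*probe)(struct device_node *, int), int probes, int found)
{
    struct device_node node = { 1 };   /* 1 = the device tree's own reference */
    for (int i = 0; i < probes; i++)
        probe(&node, found);
    return node.refcount - 1;
}
```

Each failing probe through the pre-fix path leaves one extra reference behind, which is the accumulation the analysis describes; the fixed path leaves none whether the lookup succeeds or fails.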

Responsible

Linux

Reservation

02/26/2025

Disclosure

02/26/2025

Moderation

accepted

CPE

ready

EPSS

0.00240

KEV

no

Activities

very low
