CVE-2022-49482 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 02/26/2025
The vulnerability identified as CVE-2022-49482 represents a memory management issue within the Linux kernel's sound subsystem, specifically affecting the mxs-saif audio driver. This flaw manifests as a reference count leak that occurs during the probe phase of device initialization. The issue resides in the sound subsystem's handling of device tree node references, where the kernel fails to properly decrement the reference count of a parsed device tree node pointer. The mxs-saif driver, which manages the Freescale i.MX SoC Serial Audio Interface, demonstrates this problematic behavior when processing device tree configuration data during system boot or device enumeration.
The technical root cause of this vulnerability stems from improper device tree node reference management within the kernel's device tree parsing functions. When the of_parse_phandle() function processes device tree entries to locate and return a node pointer, it automatically increments the reference count of that node to prevent premature deallocation. However, the mxs_saif_probe function does not subsequently call of_node_put() to decrement this reference count when the node pointer is no longer needed. This oversight creates a memory leak where device tree nodes remain allocated in memory even after they have been processed, leading to gradual resource exhaustion over time. The vulnerability specifically affects the audio subsystem's initialization process, where device tree parsing occurs during driver probe operations.
The operational impact of this reference count leak extends beyond simple memory consumption issues, potentially affecting system stability and performance over extended periods of operation. While the immediate effect may appear minimal, sustained reference count leaks can accumulate and lead to memory pressure conditions that might impact other kernel subsystems or even cause system instability. The vulnerability is particularly concerning in embedded systems or devices with limited memory resources where such leaks can quickly compound and result in system crashes or degraded performance. Attackers could potentially exploit this weakness to cause resource exhaustion attacks, though the direct attack surface remains limited to kernel-level operations involving device tree parsing and audio driver initialization.
Mitigation strategies for CVE-2022-49482 involve applying the official kernel patch that ensures proper reference count management by adding the required of_node_put() call after processing device tree node pointers returned by of_parse_phandle(). This fix aligns with standard kernel development practices for device tree node management and follows the established patterns defined in the Linux kernel documentation and coding standards. System administrators should prioritize updating affected kernel versions to include this patch, particularly in production environments where long-running systems might experience cumulative memory leaks. The vulnerability demonstrates the importance of proper resource management in kernel code and serves as a reminder of the critical nature of device tree handling in modern embedded systems. This issue is classified under CWE-404, which addresses improper resource management, and aligns with ATT&CK technique T1059.006 for kernel-level code injection and system compromise through resource exhaustion attacks. Organizations should implement regular kernel update procedures to address similar memory management vulnerabilities and maintain robust security practices for embedded systems and kernel-level software components.