CVE-2022-49652 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
of_parse_phandle() returns a node pointer with refcount incremented; we should use of_node_put() on it when not needed anymore.
Add missing of_node_put() to fix this.
Analysis
by VulDB Data Team • 06/28/2025
The vulnerability identified as CVE-2022-49652 represents a critical resource management flaw within the Linux kernel's DMA engine subsystem, specifically affecting the Texas Instruments DRA7 SoC crossbar routing implementation. This issue resides in the ti_dra7_xbar_route_allocate function where improper reference counting leads to memory leaks and potential system instability. The flaw demonstrates a classic kernel programming error that can have cascading effects on system performance and reliability.
The technical root cause stems from the improper handling of device tree node references within the kernel's device tree parsing functions. When of_parse_phandle() is invoked to parse device tree properties and return a node pointer, it increments the reference count of the returned node so that the node stays valid while the caller uses it. However, in the affected code path, the developers failed to call of_node_put() to decrement the reference count when the node pointer was no longer required, creating a reference count leak. This pattern violates fundamental kernel memory management principles and maps to CWE-404 (Improper Resource Shutdown or Release).
The operational impact of this vulnerability extends beyond simple memory consumption issues, as it can lead to progressive resource exhaustion within the kernel's device tree subsystem. Over time, repeated allocation of routing configurations without proper cleanup can cause the system to consume increasing amounts of memory, potentially leading to system slowdowns, memory pressure, or even system crashes under sustained load conditions. The vulnerability is particularly concerning in embedded systems and real-time applications where memory constraints are tight and system stability is paramount. This flaw can be exploited by malicious actors to perform resource exhaustion attacks or to cause denial of service conditions.
Mitigation for CVE-2022-49652 consists of the straightforward fix of adding the missing of_node_put() call in the ti_dra7_xbar_route_allocate function. This remediation ensures proper reference counting and prevents the accumulation of unreleased device tree node references. System administrators should prioritize applying kernel updates that contain this fix, particularly in production environments where the affected Texas Instruments DRA7 SoC platforms are deployed. The resource exhaustion that the fix prevents corresponds to ATT&CK technique T1499.004 (Endpoint Denial of Service: Application or System Exploitation), and the fix is a fundamental kernel security hardening measure that should be part of regular security maintenance procedures. Organizations utilizing embedded systems with TI DRA7 SoC architectures should conduct thorough testing of kernel updates to ensure compatibility while addressing this memory management vulnerability.
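The get/put imbalance described in the root-cause and mitigation paragraphs can be seen in a small userspace model. This is an added example, not the kernel driver's code: model_parse_phandle(), model_node_put(), the route_allocate_* functions and leaked_refs() are hypothetical stand-ins, and it assumes for illustration that the missed release sits on an early failure return, which the page does not specify.

```c
#include <stdio.h>

struct node { int refcount; };  /* userspace stand-in for struct device_node (assumption) */

/* Models of_parse_phandle(): hands back the node with refcount incremented. */
static struct node *model_parse_phandle(struct node *target)
{
    target->refcount++;
    return target;
}

/* Models of_node_put(): drops one reference; NULL is ignored. */
static void model_node_put(struct node *np)
{
    if (np) np->refcount--;
}

/* Before: the failure return forgets the reference taken above. */
static struct node *route_allocate_leaky(struct node *master, int free_lines)
{
    struct node *np = model_parse_phandle(master);
    if (free_lines <= 0)
        return NULL;            /* reference on np is never dropped */
    return np;                  /* success: caller now owns the reference */
}

/* After: every exit that does not hand np to the caller releases it. */
static struct node *route_allocate_fixed(struct node *master, int free_lines)
{
    struct node *np = model_parse_phandle(master);
    if (free_lines <= 0) {
        model_node_put(np);
        return NULL;
    }
    return np;
}

/* Runs `attempts` requests, every other one failing; returns leaked references. */
static int leaked_refs(struct node *(*alloc)(struct node *, int), int attempts)
{
    struct node master = { .refcount = 1 };    /* constructed sample node */
    for (int i = 0; i < attempts; i++)
        model_node_put(alloc(&master, i % 2)); /* caller's own cleanup */
    return master.refcount - 1;
}

int main(void)
{
    printf("leaky: %d leaked, fixed: %d leaked\n",
           leaked_refs(route_allocate_leaky, 10), leaked_refs(route_allocate_fixed, 10));
    return 0;
}
```

The leaked count grows by one for each failed request in the leaky variant, so the node can never reach a refcount of zero and be freed.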