CVE-2022-49718 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

irqchip/apple-aic: Fix refcount leak in aic_of_ic_init

of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak.


Analysis

by VulDB Data Team • 03/08/2025

CVE-2022-49718 is a resource management defect in the Linux kernel's interrupt controller subsystem, specifically in the Apple AIC (Apple Interrupt Controller) driver (drivers/irqchip/irq-apple-aic.c). It is a reference count leak on a device tree node that occurs while the interrupt controller is being initialized. Its direct impact is small; it matters as an instance of the kernel's strict ownership rule for device tree references, under which every of_get_*() call that takes a reference must be paired with an of_node_put() that returns it.

The root cause is the handling of a device tree node reference inside aic_of_ic_init(). of_get_child_by_name() looks up a named child of a node and returns it with its reference count already incremented, which means the caller now owns that reference and must release it with of_node_put() once the node is no longer needed. aic_of_ic_init() used the child but never dropped the reference, so the node's count stays one too high for the lifetime of the system. An object held by an unbalanced reference can never be freed: for a node from the built-in device tree this is a leaked reference rather than a leaked allocation, but it is the same class of bug that, in code paths invoked repeatedly, produces unbounded growth.

The operational impact is limited by where the leak sits. aic_of_ic_init() runs once when the interrupt controller is set up at boot, so the result is a single leaked reference, not a leak that grows with uptime or interrupt activity, and nothing in the path is reachable from user space. There is therefore no realistic route from this defect to memory exhaustion or a crash; the EPSS score of roughly 0.2% and the absence of a KEV listing are consistent with that. The affected population is Linux kernels that build and use the Apple AIC driver, which in practice means machines with Apple silicon such as the M1 and M2 families.

The flaw is classed as CWE-404 (Improper Resource Shutdown or Release); the more specific CWE-401 (Missing Release of Memory after Effective Lifetime) describes it at least as well. No ATT&CK technique applies: a reference leak in a boot-time driver path is a defect, not an adversary behaviour, and mappings to T1070.004 (Indicator Removal: File Deletion) or T1490 (Inhibit System Recovery) should be treated as noise when triaging. The rule the fix enforces is general: every reference obtained from the of_get_*()/of_find_*() family must be released with of_node_put() on every exit path, including error paths.

The fix for CVE-2022-49718 adds the missing of_node_put() once the child node is no longer used. Because of_node_put() accepts a NULL pointer, the call can be placed unconditionally after the block that uses the child, which keeps the not-found path correct without an extra branch. Administrators should pick the fix up through their distribution's normal kernel updates; there is no reason to expedite it, since the leak is a single reference taken at boot and is not amplified by interrupt load or long uptime. The lasting lesson is for reviewers: unbalanced of_get_*()/of_node_put() pairs are common enough that static analysis such as Coccinelle is routinely used to sweep for them, and any patch that introduces an of_get_*() call should be checked for a matching put on every path out of the function.
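To make the ownership rule concrete, the following is an added example in plain C that models the convention outside the kernel; it is not the kernel's code and not the driver's. The device_node structure, its integer refcount field and the bodies of of_get_child_by_name() and of_node_put() are stand-ins for the kernel helpers (which use a kobject/kref rather than a plain integer), the child node name "affinities" is an assumption, and use_child() is a hypothetical placeholder for whatever the driver does with the node. The leaky and fixed init functions follow the shape described above: the same lookup, the same conditional use, and in the fixed version an unconditional of_node_put() that is safe on NULL, as the real helper is.

```c
/*
 * Toy model of Linux device-tree node refcounting (added example, not kernel code).
 * Demonstrates the CVE-2022-49718 pattern: of_get_child_by_name() hands the
 * caller a reference that must be returned with of_node_put().
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct device_node {
    const char *name;
    int refcount;                   /* the kernel uses a kref; an int suffices here */
    struct device_node *children[4];
    int nchildren;
};

/* Stand-in for the kernel helper: returns the named child with a reference
 * taken, or NULL (and no reference taken) if there is no such child. */
static struct device_node *of_get_child_by_name(struct device_node *parent,
                                                const char *name)
{
    for (int i = 0; i < parent->nchildren; i++) {
        struct device_node *c = parent->children[i];
        if (strcmp(c->name, name) == 0) {
            c->refcount++;          /* caller now owns one reference */
            return c;
        }
    }
    return NULL;
}

/* Like the real of_node_put(), accepts NULL so callers need not branch. */
static void of_node_put(struct device_node *node)
{
    if (node)
        node->refcount--;
}

/* Hypothetical consumer standing in for the driver's per-child work. */
static int use_child(struct device_node *node)
{
    return node ? node->nchildren : 0;
}

/* Leaky init: the reference taken by of_get_child_by_name() is never dropped. */
static int aic_init_leaky(struct device_node *node)
{
    struct device_node *affs = of_get_child_by_name(node, "affinities"); /* name assumed */
    if (affs)
        use_child(affs);
    return 0;                       /* affs goes out of scope still holding a reference */
}

/* Fixed init: identical flow plus the matching of_node_put(). */
static int aic_init_fixed(struct device_node *node)
{
    struct device_node *affs = of_get_child_by_name(node, "affinities"); /* name assumed */
    if (affs)
        use_child(affs);
    of_node_put(affs);              /* unconditional; a no-op when affs is NULL */
    return 0;
}

/* Build a constructed two-node tree, run one init, and return the child's
 * net refcount change: 0 means balanced, >0 means leaked references. */
static int refcount_delta(int (*init)(struct device_node *), int has_child)
{
    struct device_node child = { .name = "affinities", .refcount = 1 };
    struct device_node root = { .name = "interrupt-controller", .refcount = 1 };
    if (has_child)
        root.children[root.nchildren++] = &child;
    int before = child.refcount;
    init(&root);
    return child.refcount - before;
}

int main(void)
{
    printf("leaky, child present: delta %d\n", refcount_delta(aic_init_leaky, 1));
    printf("fixed, child present: delta %d\n", refcount_delta(aic_init_fixed, 1));
    printf("fixed, child absent:  delta %d\n", refcount_delta(aic_init_fixed, 0));
    return 0;
}
```

refcount_delta() reports the child's net reference change across one init call: 1 for the leaky version (a reference taken and never returned) and 0 for the fixed version whether or not the child exists. Compile with cc -Wall and run; the same harness shape is how you would unit-test any of_get_*()/of_node_put() pairing in isolation, and checking the delta on the not-found path is what catches a fix that only puts inside the if block.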

Responsible

Linux

Reservation

02/26/2025

Disclosure

02/26/2025

Moderation

accepted

CPE

ready

EPSS

0.00204

KEV

no

Activities

very low

Sources
