CVE-2022-49095: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one(). The error handling path of the probe releases a resource that is not freed in the remove function. In some cases, an ioremap() must be undone. Add the missing iounmap() call in the remove function.
AI Analysis
Technical Summary
CVE-2022-49095 is a resource leak in the Linux kernel's SCSI subsystem driver for the zorro7xx hardware interface. The probe function's error handling path already undoes its ioremap(), but the remove function, zorro7xx_remove_one(), had no corresponding iounmap() call, so the memory-mapped I/O region mapped at probe time stayed mapped after the device was removed. The flaw does not directly allow code execution or privilege escalation; each device removal leaks a kernel mapping, and repeated removals can exhaust resources over time, degrading system stability or causing denial of service conditions. The vulnerability affects the Linux kernel versions identified by the commit hash 45804fbb00eea27bdf4d62751681228a9e2844e9. No known exploits are currently reported in the wild, and no CVSS score has been assigned. The fix adds the missing iounmap() call so the I/O memory is unmapped during device removal and the mapping is no longer leaked.
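As an added illustration, not the zorro7xx driver's code or the kernel's own API, the following user-space C model shows the probe/remove pairing the advisory describes: mock_ioremap() and mock_iounmap() are hypothetical stand-ins that count live mappings, so a remove path that omits iounmap() leaves one region mapped per device removal while the fixed remove leaves none.

```c
#include <stdint.h>
#include <stddef.h>
/* Hypothetical user-space model of the ioremap()/iounmap() pairing that the
 * zorro7xx fix restores; not the kernel driver's code. The mock ioremap()
 * returns a constructed token and counts live mappings so a leak is visible. */
static int live_mappings; /* ioremap() calls not yet undone by iounmap() */

static void *mock_ioremap(uintptr_t phys, unsigned long len)
{
	(void)len;
	live_mappings++;
	return (void *)phys; /* stands in for the kernel virtual address */
}

static void mock_iounmap(void *addr)
{
	if (addr) live_mappings--;
}

struct host_params { void *base; /* MMIO window mapped in probe */ };
/* probe: map the board's register window and keep it in the host data */
static int mock_probe(struct host_params *hp, uintptr_t board_base)
{
	hp->base = mock_ioremap(board_base, 0x1000);
	return hp->base ? 0 : -1;
}

/* remove before the fix: other teardown runs, but the probe mapping stays */
static void remove_leaky(struct host_params *hp)
{
	hp->base = NULL;
}

/* remove with the missing iounmap() added, mirroring probe */
static void remove_fixed(struct host_params *hp)
{
	mock_iounmap(hp->base);
	hp->base = NULL;
}

/* One probe/remove cycle; returns mappings left live (0 clean, 1 leaked). */
static int leaked_after_cycle(int fixed)
{
	struct host_params hp = { 0 };
	int before = live_mappings;
	if (mock_probe(&hp, 0x40000000u) != 0)
		return -1;
	fixed ? remove_fixed(&hp) : remove_leaky(&hp);
	return live_mappings - before;
}
```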
Potential Impact
For European organizations, the impact of CVE-2022-49095 is primarily related to system reliability and availability rather than direct compromise of confidentiality or integrity. Organizations running Linux systems with the affected kernel versions and utilizing hardware that relies on the zorro7xx SCSI driver could experience gradual resource leaks leading to degraded performance or system crashes. This could affect servers, embedded systems, or specialized industrial equipment. While the vulnerability does not enable remote code execution or privilege escalation, the resulting instability could disrupt critical services, especially in sectors relying on high availability such as finance, healthcare, manufacturing, and telecommunications. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or operational issues.
Mitigation Recommendations
European organizations should prioritize updating Linux kernels to versions that include the patch fixing CVE-2022-49095. Specifically, ensure that the kernel includes the corrected zorro7xx_remove_one() function with the added iounmap() call. For environments where immediate patching is not feasible, monitoring system logs and resource usage related to the zorro7xx driver can help detect abnormal resource consumption indicative of the leak. Organizations should also audit their hardware inventory to identify systems using the zorro7xx SCSI interface and assess their exposure. Implementing kernel live patching solutions where supported can reduce downtime during remediation. Additionally, maintaining robust backup and recovery procedures will mitigate potential availability impacts. Coordination with Linux distribution vendors for timely updates and security advisories is recommended.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T01:49:39.249Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d982fc4522896dcbe6b20
Added to database: 5/21/2025, 9:09:03 AM
Last enriched: 7/1/2025, 2:10:31 AM
Last updated: 1/7/2026, 6:07:39 AM