CVE-2022-49113: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved: powerpc/secvar: fix refcount leak in format_show(). A refcount leak will happen when format_show returns failure in multiple cases. Unified management of of_node_put can fix this problem.
AI Analysis
Technical Summary
CVE-2022-49113 is a vulnerability in the Linux kernel, specifically in the secure variable (secvar) subsystem of the powerpc architecture. The issue is a reference count leak in the function format_show(). Reference counting tracks how many holders currently reference a resource so that the resource is released only when the last reference is dropped. Here, format_show() takes a reference to a device tree node but, on several failure paths, returns without dropping it, so the count is never decremented. The root cause is inconsistent placement of the of_node_put() calls that release references to device tree nodes. The vulnerability does not appear to allow direct code execution or privilege escalation, but repeated triggering can lead to resource exhaustion over time, potentially causing a denial of service (DoS) by exhausting kernel memory or destabilizing the affected subsystem. The fix unifies management of the of_node_put() call so that the reference is dropped on failure paths as well as on success. The affected versions are identified by specific commit hashes, indicating a low-level kernel issue that primarily affects PowerPC-based Linux systems. There are no known exploits in the wild, and no CVSS score has been assigned yet. The vulnerability was published on February 26, 2025.
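The leak-on-failure pattern described above, and the single-exit cleanup that fixes it, as an added stand-alone C model (not the kernel's secvar code): dt_node, dt_get() and dt_put() are assumed stand-ins for struct device_node, of_find_compatible_node() and of_node_put(), and the sample node states are constructed.

```c
/* Stand-alone model of the refcount-leak pattern fixed for CVE-2022-49113
 * (not the kernel's secvar code): dt_node, dt_get() and dt_put() stand in
 * for struct device_node, of_find_compatible_node() and of_node_put(). */
#include <errno.h>
#include <stdio.h>

struct dt_node {
    int refcount;        /* references currently held on the node */
    int available;       /* stands in for of_device_is_available() */
    const char *format;  /* NULL stands in for a missing "format" property */
};
/* The lookup hands back the node with one reference taken for the caller. */
static struct dt_node *dt_get(struct dt_node *n) { n->refcount++; return n; }
static void dt_put(struct dt_node *n) { n->refcount--; }

/* Pre-fix shape: failure paths return without dropping the lookup's reference. */
static int format_show_leaky(struct dt_node *backend, char *buf, size_t len)
{
    struct dt_node *node = dt_get(backend);
    if (!node->available)
        return -ENODEV;             /* leak: dt_put() skipped */
    if (!node->format)
        return -EINVAL;             /* leak: dt_put() skipped */
    int rc = snprintf(buf, len, "%s\n", node->format);
    dt_put(node);                   /* only the success path releases it */
    return rc;
}
/* Post-fix shape: one exit label releases the node on every path, exactly once. */
static int format_show_fixed(struct dt_node *backend, char *buf, size_t len)
{
    struct dt_node *node = dt_get(backend);
    int rc;
    if (!node->available) { rc = -ENODEV; goto out; }
    if (!node->format)    { rc = -EINVAL; goto out; }
    rc = snprintf(buf, len, "%s\n", node->format);
out:
    dt_put(node);
    return rc;
}
int main(void)
{
    struct dt_node n = { 0, 0, NULL };   /* constructed: backend unavailable */
    char buf[32];
    format_show_leaky(&n, buf, sizeof buf);
    printf("leaky ENODEV path leaves refcount %d\n", n.refcount);   /* 1 */
    n.refcount = 0;
    format_show_fixed(&n, buf, sizeof buf);
    printf("fixed ENODEV path leaves refcount %d\n", n.refcount);   /* 0 */
    return 0;
}
```

Each failed sysfs read of the leaky version pins the node with one extra reference, which is the cumulative effect the advisory describes.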
Potential Impact
For European organizations, the impact of CVE-2022-49113 is primarily related to system stability and availability rather than confidentiality or integrity. Organizations running Linux on PowerPC architectures, which are less common than x86 or ARM in Europe, may experience kernel memory leaks leading to degraded performance or system crashes. This could affect critical infrastructure or embedded systems relying on PowerPC Linux kernels, such as certain telecommunications equipment, industrial control systems, or legacy hardware in sectors like manufacturing or research. While the risk of direct exploitation is low due to the nature of the bug and lack of known exploits, prolonged operation under conditions triggering the leak could cause denial of service, impacting business continuity. The vulnerability does not appear to allow privilege escalation or data breaches, but availability impacts could disrupt services. European organizations with mixed or legacy hardware environments should assess their exposure, especially those in sectors where PowerPC Linux is used in embedded or specialized roles.
Mitigation Recommendations
To mitigate CVE-2022-49113, organizations should:
1) Apply the official Linux kernel patches that address the reference count leak in the powerpc/secvar subsystem as soon as they become available.
2) Conduct an inventory to identify systems running PowerPC-based Linux kernels and prioritize patching on these systems.
3) Monitor system logs and kernel messages for signs of resource exhaustion or instability related to device tree node management.
4) Implement proactive resource monitoring to detect abnormal memory usage patterns that could indicate the leak is being triggered.
5) For embedded or specialized devices where kernel updates are challenging, consider vendor support or firmware updates that incorporate the fix.
6) Limit exposure by restricting access to vulnerable systems and ensuring that only trusted users or processes can trigger the affected code paths.
7) Incorporate this vulnerability into regular vulnerability management and patching cycles, especially for legacy or less common architectures.
These steps go beyond generic advice by focusing on architecture-specific identification, monitoring, and patch prioritization.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T01:49:39.262Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d982fc4522896dcbe6bb5
Added to database: 5/21/2025, 9:09:03 AM
Last enriched: 7/1/2025, 2:39:31 AM
Last updated: 1/7/2026, 4:16:50 AM