CVE-2022-49161 is a vulnerability identified in the Linux kernel specifically affecting the ALSA System on Chip (ASoC) driver for MediaTek hardware, particularly the mt8183_da7219_max98357 device probe function. The root cause is improper error handling related to reference counting of device tree nodes. The function of_parse_phandle() returns a device_node pointer with an incremented reference count, which must be decremented by calling of_node_put() once the pointer is no longer needed. However, the vulnerable code only calls of_node_put() in the normal execution path and neglects to do so in error handling paths. This results in a reference count leak when errors occur during device probing. Over time, this leak can cause resource exhaustion in the kernel, potentially leading to degraded system stability or crashes. The vulnerability does not appear to allow direct code execution or privilege escalation but can impact system reliability due to resource leakage. The affected versions are specific Linux kernel commits identified by hash, indicating this is a low-level kernel source code issue. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The fix involves ensuring that of_node_put() is called in all error handling paths to properly decrement the reference count and prevent leaks.

For European organizations relying on Linux-based systems with MediaTek mt8183 SoC hardware, particularly embedded or IoT devices using the affected ASoC driver, this vulnerability could lead to kernel resource leaks and eventual system instability or crashes. While the vulnerability does not directly compromise confidentiality or integrity, availability could be impacted if the kernel runs out of resources due to leaked references, causing device reboots or failures. This could disrupt critical services, especially in environments where embedded Linux devices are used in industrial control, telecommunications, or network infrastructure. The impact is more pronounced in long-running systems where the leak accumulates over time. However, since exploitation requires triggering error paths in device probing, the attack surface is limited to scenarios involving device initialization or reinitialization. European organizations with large deployments of MediaTek-based Linux devices should be aware of potential stability issues and plan for patching to maintain operational continuity.

1. Apply the official Linux kernel patches that fix the reference count leak in the mt8183_da7219_max98357_dev_probe function as soon as they are available from trusted sources or Linux distributions. 2. For organizations using custom or embedded Linux kernels, ensure that kernel source trees are updated to include this fix and rebuild affected kernels. 3. Monitor device logs for kernel warnings or errors related to device probing or memory/resource leaks that could indicate the presence of this issue. 4. Implement proactive device lifecycle management to periodically reboot or refresh devices to mitigate the impact of potential resource leaks until patches are applied. 5. Engage with hardware vendors and Linux distribution maintainers to confirm the presence of this fix in their releases and coordinate timely updates. 6. Limit access to device initialization interfaces to trusted administrators to reduce the risk of triggering error paths maliciously. 7. Incorporate this vulnerability into vulnerability management and patching workflows to ensure ongoing compliance and risk reduction.