CVE-2022-49224: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init

kobject_init_and_add() takes a reference even when it fails. According to the doc of kobject_init_and_add(): If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Fix memory leak by calling kobject_put().
AI Analysis
Technical Summary
CVE-2022-49224 is a vulnerability in the Linux kernel's power supply subsystem, specifically in the sysfs setup routine of the AB8500 fuel gauge driver, ab8500_fg_sysfs_init. That routine calls kobject_init_and_add(), which initialises a kobject (the kernel object that represents an entity in sysfs) and registers it. Under the function's documented contract, the reference it takes is held even when the call fails, so a caller that receives an error must invoke kobject_put() to drop that reference and release the memory associated with the object. ab8500_fg_sysfs_init returned on its error path without calling kobject_put(), so the reference, and the memory behind it, was never released.

The defect does not by itself lead to code execution or privilege escalation. Its effect is a gradual growth in kernel memory use whenever the failing path is exercised, which over time can exhaust resources or destabilise the system, most plausibly on devices that depend on this driver. The affected kernel versions are identified by the commit hash 8c0984e5a75337df513047ec92a6c09d78e3e5cd. No exploits are known in the wild at this time, and no CVSS score has been assigned. The fix ensures that kobject_put() is called when kobject_init_and_add() fails, which closes the leak.
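The reference contract the summary describes, as an added user-space model (example code, not from the page, the kernel or the ab8500 driver): kobject_init_and_add(), kobject_put(), the two init routines and the harness are toy stand-ins that mirror the kernel names, the failure is injected, and the harness counts what each init path leaves behind.

```c
#include <errno.h>
#include <stdlib.h>
/* Toy model of the kobject reference contract; the kernel's real structures are richer. */
struct kobject { int refcount; };
static int live_kobjects;          /* model objects currently allocated */
static int fail_next_add;          /* constructed fault: make the next add fail */
static struct kobject *registered; /* the object the init path allocated */

/* Models kobject_init_and_add(): the reference is taken even when it fails,
 * so the caller owns one reference in the success and the error case alike. */
static int kobject_init_and_add(struct kobject *kobj)
{
    kobj->refcount = 1;
    live_kobjects++;
    return fail_next_add ? -ENOMEM : 0;
}
/* Models kobject_put(): drop one reference, releasing the object on the last one. */
static void kobject_put(struct kobject *kobj)
{
    if (kobj && --kobj->refcount == 0) { live_kobjects--; free(kobj); }
}
/* Shape of the bug: the error path returns without dropping the reference. */
static int fg_sysfs_init_leaky(void)
{
    registered = calloc(1, sizeof(*registered));
    if (!registered) return -ENOMEM;
    int ret = kobject_init_and_add(registered);
    if (ret < 0) return ret;   /* BUG: the reference taken above is never released */
    return 0;
}
/* Shape of the fix: kobject_put() on the failure path releases the object. */
static int fg_sysfs_init_fixed(void)
{
    registered = calloc(1, sizeof(*registered));
    if (!registered) return -ENOMEM;
    int ret = kobject_init_and_add(registered);
    if (ret < 0) kobject_put(registered);   /* the contract quoted in the advisory */
    return ret;
}
/* Harness: run an init path against a failing add and report how many objects leaked. */
static int leaked_after_failed_init(int (*init)(void))
{
    live_kobjects = 0;
    fail_next_add = 1;
    int ret = init();
    int leaked = (ret < 0) ? live_kobjects : -1;   /* -1: the fault was not injected */
    if (leaked > 0) kobject_put(registered);        /* tidy so the harness itself does not leak */
    return leaked;
}
```

On a real kernel the live-object counter is played by a kmemleak scan (CONFIG_DEBUG_KMEMLEAK), which reports allocations no longer referenced from anywhere; that is the check to run if a fleet shows the slow memory growth described above.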
Potential Impact
For European organizations, the impact of CVE-2022-49224 is generally limited but should not be overlooked. Organizations running Linux systems with the affected kernel versions on hardware that depends on the AB8500 power supply driver, commonly found in certain embedded devices and mobile platforms, may see memory leaks that degrade performance or cause instability over time. That can translate into higher maintenance costs, unexpected reboots or downtime, particularly where uptime and reliability are critical, such as industrial control systems, telecommunications infrastructure and embedded IoT devices. The vulnerability does not compromise confidentiality or integrity; what is at stake is availability, if the leak leads to resource exhaustion. This matters most for European sectors with stringent uptime requirements such as finance, healthcare and critical infrastructure. Since no known exploits exist, the immediate risk is low, but the vulnerability should be addressed proactively to avoid potential future exploitation or operational issues.
Mitigation Recommendations
To mitigate CVE-2022-49224, European organizations should:
1) Identify and inventory Linux systems running kernel versions that include the affected commit (8c0984e5a75337df513047ec92a6c09d78e3e5cd) or earlier versions that contain the vulnerable code.
2) Apply the official Linux kernel patches that fix the memory leak by ensuring kobject_put() is called on the failure path after kobject_init_and_add(). This may require updating the kernel to a patched version or backporting the fix for long-term support kernels.
3) For embedded or specialized devices using the AB8500 power supply driver, coordinate with hardware vendors to obtain firmware or kernel updates that include the fix.
4) Monitor system memory usage on affected devices to detect abnormal increases that could indicate the presence of the leak.
5) Implement proactive system restarts or memory management policies as a temporary measure if patching is delayed, to prevent resource exhaustion.
6) Maintain robust patch management and vulnerability scanning processes to quickly identify and remediate similar kernel vulnerabilities in the future.
7) Document and test kernel updates in controlled environments before deployment to avoid unintended disruptions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T01:49:39.293Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982dc4522896dcbe532d
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 4:26:44 AM
Last updated: 7/29/2025, 6:59:43 AM