CVE-2022-49324 is a vulnerability identified in the Linux kernel specifically affecting the MIPS architecture's cpc (performance counter) subsystem. The issue arises from a refcount leak in the function mips_cpc_default_phys_base. The root cause is the omission of a call to of_node_put(), which is necessary to decrement the reference count incremented by of_find_compatible_node(). In Linux kernel device tree handling, of_find_compatible_node() increments the reference count of a device tree node to ensure it remains valid while in use. Failing to release this reference count leads to a resource leak, specifically a reference count leak. Over time, this can cause resource exhaustion or memory leaks within the kernel, potentially degrading system stability or causing denial of service conditions. The vulnerability is limited to the MIPS architecture implementation within the Linux kernel and relates to internal kernel resource management rather than direct user-facing functionality. There are no known exploits in the wild, and no CVSS score has been assigned. The affected versions are identified by a specific commit hash, indicating the vulnerability is present in certain kernel revisions prior to the patch. The fix involves adding the missing of_node_put() call to properly release the reference count and prevent the leak.

For European organizations, the impact of CVE-2022-49324 is primarily related to system stability and availability on devices running Linux kernels with the vulnerable MIPS architecture code. Since MIPS is less common in mainstream servers and desktops compared to x86 or ARM, the affected systems are likely embedded devices, network equipment, or specialized industrial hardware using MIPS processors. In such environments, a refcount leak could lead to gradual resource exhaustion, causing kernel instability or crashes, which may result in denial of service. This could disrupt critical infrastructure, industrial control systems, or network devices that rely on MIPS-based Linux systems. Confidentiality and integrity impacts are minimal as the vulnerability does not directly enable privilege escalation or code execution. However, availability degradation could indirectly affect business operations, especially in sectors relying on embedded Linux devices. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or stability issues.

European organizations should first identify any Linux-based systems running on MIPS architecture within their infrastructure, including embedded devices, routers, and industrial equipment. They should verify kernel versions against the affected commit hashes and apply the official Linux kernel patches that add the missing of_node_put() call to fix the refcount leak. If vendor-supplied firmware or device OS updates are available, these should be deployed promptly. For devices where patching is not immediately feasible, monitoring system logs and kernel resource usage can help detect symptoms of resource leaks or instability. Network segmentation and limiting access to vulnerable devices can reduce the risk of exploitation or impact. Additionally, organizations should engage with device vendors to ensure timely updates and consider replacement of unsupported or unpatchable MIPS-based devices. Regular kernel updates and adherence to secure configuration best practices will help mitigate similar vulnerabilities in the future.