CVE-2022-49346 is a vulnerability identified in the Linux kernel, specifically within the network subsystem related to the Distributed Switch Architecture (DSA) driver for Lantiq GSWIP switches. The issue arises from a reference count leak in the function gswip_gphy_fw_list, which manages firmware nodes for the physical layer (PHY) devices. The vulnerability is due to improper handling of reference counts when iterating over device tree nodes using the for_each_available_child_of_node() macro. Normally, each iteration decrements the reference count of the previous node, but if the loop exits prematurely, the code fails to explicitly call of_node_put() on the last node (gphy_fw_np), resulting in a reference count leak. This leak can lead to resource exhaustion in kernel memory management, potentially causing degraded system performance or instability over time. The vulnerability does not appear to allow direct code execution or privilege escalation but can affect system reliability. The issue has been fixed by adding the missing of_node_put() call to ensure proper reference count management. The affected versions are specific Linux kernel commits identified by the hash 14fceff4771e51b23b4485b575cf9e5b3414b89b. There are no known exploits in the wild, and no CVSS score has been assigned yet.

For European organizations, the impact of CVE-2022-49346 is primarily related to system stability and reliability rather than direct compromise of confidentiality or integrity. Systems running Linux kernels with the vulnerable DSA Lantiq GSWIP driver could experience memory leaks leading to resource exhaustion, which may cause network interface disruptions or kernel crashes in environments heavily utilizing these switches. This could affect telecommunications providers, ISPs, and enterprises relying on embedded Linux devices or network equipment using Lantiq GSWIP switches. While the vulnerability does not enable direct remote code execution or privilege escalation, prolonged exploitation or heavy network loads could degrade service availability, impacting critical infrastructure or business continuity. European organizations with network infrastructure based on affected Linux kernel versions should be aware of potential service interruptions and plan for timely patching. Since no active exploits are known, the immediate risk is low, but the vulnerability should be addressed proactively to prevent future exploitation or accidental system failures.

To mitigate CVE-2022-49346, organizations should: 1) Identify Linux systems running kernels with the affected Lantiq GSWIP DSA driver versions, particularly those using the specified commit hashes. 2) Apply the official Linux kernel patches that fix the reference count leak by adding the missing of_node_put() call. If vendor-specific distributions are used, ensure that the vendor has incorporated this fix in their kernel updates. 3) For embedded devices or network equipment using Lantiq GSWIP switches, coordinate with hardware vendors to obtain firmware or software updates that include the kernel fix. 4) Monitor system logs and kernel memory usage for signs of resource leaks or instability that could indicate unpatched systems. 5) Implement robust system monitoring and alerting to detect early signs of kernel resource exhaustion. 6) Where possible, isolate critical network infrastructure to minimize impact in case of instability. 7) Maintain regular patch management cycles and test kernel updates in staging environments before deployment to production to avoid service disruptions.