CVE-2022-49367 is a vulnerability identified in the Linux kernel, specifically within the driver code for the Marvell mv88e6xxx series Ethernet switches, which is part of the Distributed Switch Architecture (DSA) subsystem. The issue stems from a reference count leak in the function mv88e6xxx_mdios_register. The root cause is related to improper management of device tree node references: the function of_get_child_by_name() returns a device node pointer with an incremented reference count, which must be decremented using of_node_put() once the node is no longer needed. In this case, the device node is passed to of_mdiobus_register(), but the driver code fails to release the reference afterward, leading to a refcount leak. Over time, this leak can cause resource exhaustion in kernel memory management, potentially degrading system stability or causing denial of service due to kernel memory depletion. The vulnerability does not directly allow code execution or privilege escalation but can impact system availability. The fix involves adding the missing of_node_put() call to properly decrement the reference count and prevent the leak. This vulnerability affects Linux kernel versions containing the affected commit a3c53be55c955b7150cda17874c3fcb4eeb97a89 and similar versions where this driver code is present. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability is technical and subtle, requiring in-depth kernel knowledge to exploit or detect.

For European organizations, the impact of CVE-2022-49367 is primarily related to system stability and availability rather than confidentiality or integrity. Organizations running Linux-based systems with kernel versions including the mv88e6xxx DSA driver—commonly found in embedded systems, network appliances, or specialized industrial equipment using Marvell Ethernet switches—may experience gradual resource leaks leading to kernel memory exhaustion. This can cause system slowdowns, crashes, or reboots, potentially disrupting critical network infrastructure or industrial control systems. While the vulnerability does not enable direct remote code execution or privilege escalation, the resulting denial of service could impact network reliability and availability of services. European enterprises relying on Linux for networking hardware, telecommunications, or industrial automation should be aware of this risk. Given the lack of known exploits, the immediate threat level is moderate, but unpatched systems could face stability issues over time, especially in environments with high network traffic or long uptimes.

To mitigate CVE-2022-49367, European organizations should: 1) Identify Linux systems using the mv88e6xxx DSA driver, particularly those running kernel versions around the affected commit. 2) Apply the official Linux kernel patches that add the missing of_node_put() call to the mv88e6xxx_mdios_register function as soon as they become available from trusted sources or Linux distributions. 3) For systems where patching the kernel is not immediately feasible, implement monitoring of kernel memory usage and system logs to detect early signs of resource leaks or instability. 4) Consider rebooting affected systems periodically as a temporary measure to clear leaked references and free kernel memory. 5) Engage with hardware vendors or Linux distribution maintainers to obtain updated kernel packages incorporating the fix. 6) Maintain a robust incident response plan to handle potential service disruptions caused by this vulnerability. These steps go beyond generic advice by focusing on identifying specific affected drivers, monitoring kernel resource usage, and coordinating with vendors for timely patching.