
CVE-2022-49389: Vulnerability in the Linux kernel

Severity: Medium
Tags: Vulnerability, CVE-2022-49389, cve
Published: Wed Feb 26 2025 (02/26/2025, 02:11:22 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails after that, usb_put_dev() needs to be called to release the reference. Fix this by moving usb_put_dev() to sdev_free error path handling. Found by code review.

AI-Powered Analysis

Last updated: 06/28/2025, 00:40:04 UTC

Technical Analysis

CVE-2022-49389 is a reference-count leak in the Linux kernel's USB/IP subsystem (drivers/usb/usbip), in the stub_probe() function of the usbip-host driver. USB/IP exports locally attached USB devices over a TCP/IP connection so that a remote host can use them; usbip-host (the "stub" driver) is the server-side component that takes ownership of a local device for export. During probe, stub_device_alloc() calls usb_get_dev(), which takes a reference on the struct usb_device so that the device object cannot be freed while the stub holds it. Before the fix, if stub_probe() failed at a later step, the error path freed the stub_device but never called usb_put_dev(), so the reference taken in stub_device_alloc() was leaked. The fix moves usb_put_dev() into the sdev_free error path so that every failed probe releases the reference it took.

The practical effect of the leak is that the struct usb_device, and whatever it pins, is never released, even after the device is unplugged; each failed probe leaks one reference. The bug is therefore a kernel memory leak, not a crash, and it gives no path to code execution or privilege escalation. Reaching the failure path requires stub_probe() to run, which happens when a local USB device is bound to the usbip-host driver (normally an administrator running usbip bind, or hotplug of a device whose bus ID was previously added to the driver's match list), not through the network-facing USB/IP protocol itself. The bug was found by code review rather than through exploitation. The CVE record identifies the affected and fixed kernel commits by hash; those hashes are not reproduced on this page. No CVSS score has been assigned and there are no known exploits in the wild; the "Medium" rating above is this page's own classification.
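The leak pattern described above, as an added user-space model (this is not kernel code and not the patch itself). The function and struct names mirror the kernel's, but their bodies are simplified mocks: struct usb_device here is just a counter plus a "freed" flag, and later_probe_step() is an assumed stand-in for the steps in the real stub_probe() that can fail after stub_device_alloc(). stub_probe_leaky() has the pre-fix shape of the error path and stub_probe_fixed() the post-fix shape; the two helpers at the end count leaked references and check whether the device is actually released once the USB core drops its own reference on disconnect.

```c
/* Added example: user-space model of the usbip stub_probe() refcount leak.
 * Names follow the kernel's, bodies are mocks; not the kernel's code.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for struct usb_device: a reference count and a "freed" marker. */
struct usb_device {
    int refcount;
    bool freed;
};

/* Stand-in for struct stub_device: the stub's private state, owning one
 * reference on the device it exports. */
struct stub_device {
    struct usb_device *udev;
};

/* Mock of usb_get_dev(): take a reference on the device. */
static struct usb_device *usb_get_dev(struct usb_device *udev)
{
    if (udev)
        udev->refcount++;
    return udev;
}

/* Mock of usb_put_dev(): drop a reference; the last one releases the device. */
static void usb_put_dev(struct usb_device *udev)
{
    if (udev && --udev->refcount == 0)
        udev->freed = true;
}

/* Mock of stub_device_alloc(): allocates the stub and, as in the kernel,
 * takes the device reference here. The caller now owns that reference. */
static struct stub_device *stub_device_alloc(struct usb_device *udev)
{
    struct stub_device *sdev = calloc(1, sizeof(*sdev));
    if (!sdev)
        return NULL;
    sdev->udev = usb_get_dev(udev);
    return sdev;
}

/* Mock of stub_device_free(): releases only the stub allocation. It does
 * not touch the device refcount, so the probe error path has to. */
static void stub_device_free(struct stub_device *sdev)
{
    free(sdev);
}

/* Assumed stand-in for a later probe step that can fail (in the real driver
 * this is port claiming / sysfs setup after stub_device_alloc()). */
static int later_probe_step(bool should_fail)
{
    return should_fail ? -EIO : 0;
}

/* Pre-fix shape: on failure the stub is freed, but the reference taken in
 * stub_device_alloc() is never dropped. Each failed probe leaks one ref. */
static int stub_probe_leaky(struct usb_device *udev, bool fail)
{
    struct stub_device *sdev = stub_device_alloc(udev);
    int rc;

    if (!sdev)
        return -ENOMEM;
    rc = later_probe_step(fail);
    if (rc)
        goto sdev_free;
    return 0;           /* success: sdev keeps its reference, as it should */

sdev_free:
    stub_device_free(sdev);
    return rc;          /* BUG: usb_put_dev(udev) missing */
}

/* Post-fix shape: the sdev_free path pairs stub_device_free() with
 * usb_put_dev(), returning the refcount to its pre-probe value. */
static int stub_probe_fixed(struct usb_device *udev, bool fail)
{
    struct stub_device *sdev = stub_device_alloc(udev);
    int rc;

    if (!sdev)
        return -ENOMEM;
    rc = later_probe_step(fail);
    if (rc)
        goto sdev_free;
    return 0;

sdev_free:
    stub_device_free(sdev);
    usb_put_dev(udev);  /* the fix: release the reference alloc took */
    return rc;
}

typedef int (*probe_fn)(struct usb_device *, bool);

/* Run n failing probes against a device the USB core holds one reference on;
 * return how many references were leaked (0 means balanced). */
static int leaked_refs_after_failed_probes(probe_fn probe, int n)
{
    struct usb_device dev = { .refcount = 1, .freed = false };
    for (int i = 0; i < n; i++)
        probe(&dev, true);
    return dev.refcount - 1;
}

/* One failing probe, then the USB core drops its reference on disconnect.
 * Returns true only if the device memory was actually released. */
static bool device_freed_after_failed_probe(probe_fn probe)
{
    struct usb_device dev = { .refcount = 1, .freed = false };
    probe(&dev, true);
    usb_put_dev(&dev);
    return dev.freed;
}

int main(void)
{
    printf("leaky: %d refs leaked after 3 failed probes, device freed on unplug: %s\n",
           leaked_refs_after_failed_probes(stub_probe_leaky, 3),
           device_freed_after_failed_probe(stub_probe_leaky) ? "yes" : "no");
    printf("fixed: %d refs leaked after 3 failed probes, device freed on unplug: %s\n",
           leaked_refs_after_failed_probes(stub_probe_fixed, 3),
           device_freed_after_failed_probe(stub_probe_fixed) ? "yes" : "no");
    return 0;
}
```

The model makes the review point concrete: the reference is acquired inside a helper (stub_device_alloc) but the matching release is the caller's job, and stub_device_free() does not do it. Any error label reached after the helper has run must therefore release the reference, which is exactly what moving usb_put_dev() into the sdev_free path achieves.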

Potential Impact

For European organizations, the impact of CVE-2022-49389 is confined to availability, and only on hosts that actually load the usbip-host driver to export local USB devices. Each failed stub_probe() leaks one reference to a USB device object, so the memory for that device is never reclaimed, even after the device is unplugged. On a typical server or workstation this is a slow kernel memory leak rather than an immediate crash; noticeable degradation would require many repeated failed bind attempts, and binding a device to usbip-host is a local, privileged operation. Confidentiality and integrity are not affected. The organizations with relevant exposure are those that use USB/IP to share dongles, test hardware or lab equipment across the network, for example in telecommunications, manufacturing and research institutions; on hosts that do not export USB devices the driver is normally not loaded at all. Since no exploit is known and triggering the leak requires local administrative action, the immediate risk is limited, but the fix is cheap to pick up through routine kernel updates and should not be deferred indefinitely.

Mitigation Recommendations

European organizations should apply a kernel that contains the fix: the current stable release from their distribution, or a vendor kernel whose changelog references the USB/IP stub_probe() refcount leak. Where upgrading is difficult, first establish whether USB/IP is used at all: the relevant modules appear in lsmod as usbip_core and usbip_host on the exporting side (and vhci_hcd on the client side). If they are not needed, prevent them from loading through /etc/modprobe.d; note that a blacklist line only stops automatic loading, while an "install usbip-host /bin/false" line also blocks an explicit modprobe. Confirm with lsmod after a reboot. Where USB/IP is required, restrict who can bind devices to usbip-host (usbip bind writes to the driver's sysfs files and needs root), and keep the usbipd daemon (TCP port 3240 by default) reachable only from the hosts that need it, through host firewalling or network segmentation. Repeated messages from the usbip-host driver in the kernel log (dmesg or journalctl -k) reporting failed binds are worth investigating on unpatched kernels, since each failed probe leaks a reference. Keep the usual backup and recovery procedures in place, and follow the kernel stable and distribution security advisories so that the fix arrives with regular patching rather than as an emergency change.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.561Z
CISA Enriched: false
CVSS Version: null (no score assigned)
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdd660

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/28/2025, 12:40:04 AM

Last updated: 8/3/2025, 7:00:57 PM

