
CVE-2022-49391: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:11:23 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

remoteproc: mtk_scp: Fix a potential double free

'scp->rproc' is allocated using devm_rproc_alloc(), so there is no need to free it explicitly in the remove function.

AI-Powered Analysis

Last updated: 06/30/2025, 06:42:17 UTC

Technical Analysis

CVE-2022-49391 is a vulnerability identified in the Linux kernel specifically within the remoteproc subsystem's MediaTek SCP (System Control Processor) driver component (mtk_scp). The issue arises from improper memory management where the 'scp->rproc' resource, allocated using devm_rproc_alloc(), is erroneously freed explicitly during the driver's remove function. Since devm_rproc_alloc() uses device-managed memory allocation, the resource is automatically freed when the device is detached, making the explicit free operation redundant and leading to a potential double free condition. A double free vulnerability can cause undefined behavior including memory corruption, system crashes, or potential exploitation vectors for privilege escalation or denial of service. However, this vulnerability is related to the driver removal process, which typically requires administrative privileges and specific conditions to trigger. There are no known exploits in the wild, and no CVSS score has been assigned yet. The fix involves removing the explicit free call to prevent the double free scenario, ensuring proper memory management within the remoteproc MediaTek SCP driver.
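
The ownership mistake described above, as an added userspace model (not the kernel's or the driver's code; every name in it is hypothetical). It counts releases instead of calling free() twice, so it shows how an explicit release in remove() plus the device-managed release on detach adds up to two releases of one object.

```c
#include <stdio.h>
#include <stdlib.h>

/* Counts releases instead of calling free() twice, so the model is safe to run. */
struct resource { int release_count; };

/* Hypothetical stand-in for a device and the resources it releases on detach. */
struct device { struct resource *managed[4]; int n_managed; };

static void release(struct resource *r) { r->release_count++; }

/* Models a devm_*-style allocator: allocate and register for automatic release. */
static struct resource *model_devm_alloc(struct device *dev)
{
    struct resource *r = dev->n_managed < 4 ? calloc(1, sizeof(*r)) : NULL;

    if (r)
        dev->managed[dev->n_managed++] = r;
    return r;
}

/* Buggy remove(): explicitly releases a resource the device core also owns. */
static void remove_buggy(struct resource *r) { release(r); }

/* Fixed remove(): leaves the managed resource to the device core. */
static void remove_fixed(struct resource *r) { (void)r; }

/* Detach: remove() runs first, then managed resources are released.
 * Returns the release count: 1 is correct, 2 is a double free. */
int releases_on_detach(int buggy)
{
    struct device dev = {0};
    struct resource *r = model_devm_alloc(&dev);
    int i, count;

    if (!r)
        return -1;
    (buggy ? remove_buggy : remove_fixed)(r);
    for (i = 0; i < dev.n_managed; i++)
        release(dev.managed[i]);
    count = r->release_count;
    free(r);
    return count;
}

int main(void)
{
    printf("buggy: %d, fixed: %d\n", releases_on_detach(1), releases_on_detach(0));
    return 0;
}
```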

Potential Impact

For European organizations, the impact of CVE-2022-49391 is generally limited but should not be dismissed. Since the vulnerability affects a specific Linux kernel driver related to MediaTek SCP remote processors, its exploitation would require local access with sufficient privileges to unload or remove the driver module. This limits the attack surface primarily to scenarios where an attacker has already gained some level of system access. Potential impacts include system instability or crashes (denial of service) and, in a worst-case scenario, exploitation of memory corruption to escalate privileges or execute arbitrary code. Organizations running Linux systems with MediaTek hardware components or embedded devices using this driver could be at risk. This is particularly relevant for sectors relying on embedded Linux systems such as telecommunications, industrial control systems, and IoT devices prevalent in European critical infrastructure. The absence of known exploits and the requirement for local privileged access reduce the immediate threat level, but the vulnerability could be leveraged in multi-stage attacks or insider threat scenarios.

Mitigation Recommendations

To mitigate CVE-2022-49391, European organizations should:

1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available, ensuring the removal of the explicit free call in the mtk_scp driver.
2) Audit systems to identify the presence of MediaTek SCP drivers and assess whether they are in use or can be disabled if unnecessary.
3) Restrict local administrative access to trusted personnel only, minimizing the risk of unauthorized driver removal or manipulation.
4) Implement robust monitoring for unusual kernel module unload or reload activities, which could indicate exploitation attempts.
5) For embedded or IoT devices using affected Linux kernels, coordinate with device vendors for firmware updates or patches.
6) Employ system integrity verification tools to detect memory corruption or abnormal kernel behavior.

These steps go beyond generic advice by focusing on the specific driver and operational context of the vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.561Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe589f

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 6:42:17 AM

Last updated: 7/31/2025, 6:31:43 AM
