CVE-2022-49431: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

powerpc/iommu: Add missing of_node_put in iommu_init_early_dart

The device_node pointer is returned by of_find_compatible_node with refcount incremented. We should use of_node_put() to avoid the refcount leak.
AI Analysis
Technical Summary
CVE-2022-49431 is a vulnerability identified in the Linux kernel, specifically within the powerpc architecture's IOMMU (Input-Output Memory Management Unit) initialization code for the DART (Device Address Resolution Table). The issue arises from a missing call to of_node_put() after obtaining a device_node pointer via of_find_compatible_node(). The function of_find_compatible_node() returns a device_node pointer with an incremented reference count, which must be decremented by calling of_node_put() to avoid a reference count leak. Failure to do so results in a resource leak where the reference count on the device node is never decremented, potentially leading to increased memory usage over time. This is a classic resource management bug rather than a direct code execution or privilege escalation vulnerability. The vulnerability affects Linux kernel versions identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, and it was publicly disclosed on February 26, 2025. There are no known exploits in the wild, and no CVSS score has been assigned. The vulnerability is addressed by adding the missing of_node_put() call to properly manage the reference count during iommu_init_early_dart initialization. This fix prevents the reference count leak and ensures proper resource cleanup in the kernel's device tree handling for the PowerPC IOMMU subsystem.
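The refcount rule described above, as an added user-space model (not kernel code and not the upstream patch). The struct, the two mock helpers that borrow the kernel function names, `dart_setup`, `init_leaky`/`init_fixed` and the compatible string `example,dart` are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

struct device_node { const char *compatible; int refcount; }; /* simplified stand-in */
/* Constructed one-node "device tree"; refcount 1 is the tree's own reference. */
static struct device_node dart_node = { "example,dart", 1 };

/* Mock lookup: like the kernel helper, a match comes back with refcount + 1. */
static struct device_node *of_find_compatible_node(struct device_node *from,
        const char *type, const char *compat)
{
    (void)from; (void)type;                 /* unused in this model */
    if (strcmp(dart_node.compatible, compat) != 0)
        return NULL;
    dart_node.refcount++;
    return &dart_node;
}

/* Mock release: drops one reference and tolerates NULL. */
static void of_node_put(struct device_node *dn) { if (dn) dn->refcount--; }

/* Hypothetical setup step that can fail, standing in for the real init work. */
static int dart_setup(struct device_node *dn, int fail) { (void)dn; return fail ? -1 : 0; }

/* Leaky shape: the reference taken by the lookup is never dropped. */
static int init_leaky(int fail)
{
    struct device_node *dn = of_find_compatible_node(NULL, "dart", "example,dart");
    return dn ? dart_setup(dn, fail) : -1;
}

/* Balanced shape: of_node_put() runs on both the success and the error path. */
static int init_fixed(int fail)
{
    struct device_node *dn = of_find_compatible_node(NULL, "dart", "example,dart");
    if (!dn) return -1;
    int ret = dart_setup(dn, fail);
    of_node_put(dn);
    return ret;
}

/* References left behind after `calls` runs, alternating success and failure. */
static int leaked_refs(int (*init)(int), int calls)
{
    int before = dart_node.refcount;
    for (int i = 0; i < calls; i++) init(i % 2);
    return dart_node.refcount - before;
}

int main(void) { printf("%d %d\n", leaked_refs(init_leaky, 4), leaked_refs(init_fixed, 4)); return 0; }
```

Each unbalanced lookup leaves exactly one reference behind, so the node can never reach a count of zero and be released.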
Potential Impact
For European organizations, the impact of CVE-2022-49431 is generally low to medium depending on the deployment context. The vulnerability causes a reference count leak in the Linux kernel's PowerPC IOMMU initialization code, which can lead to gradual memory consumption increase and potential resource exhaustion if the affected code path is executed repeatedly over time. This could degrade system stability or cause kernel crashes in extreme cases, impacting availability. However, the vulnerability does not directly allow for privilege escalation, arbitrary code execution, or data confidentiality breaches. Since it is specific to the PowerPC architecture and the IOMMU initialization, it primarily affects systems running Linux on PowerPC hardware, which is less common in mainstream European enterprise environments dominated by x86_64 architectures. Nonetheless, organizations using specialized PowerPC-based embedded systems, networking equipment, or industrial control systems running Linux could be affected. The absence of known exploits and the requirement for specific hardware and kernel configurations limit the immediate risk. Still, unpatched systems may face increased risk of instability or denial of service over time due to resource leaks.
Mitigation Recommendations
European organizations should take the following specific mitigation steps:
1) Identify and inventory Linux systems running on PowerPC architectures, especially those utilizing IOMMU features such as DART.
2) Apply the official Linux kernel patches that add the missing of_node_put() call to the iommu_init_early_dart function as soon as they become available in their distribution or kernel version.
3) For embedded or specialized devices where kernel updates are not straightforward, coordinate with hardware vendors or system integrators to obtain updated firmware or kernel versions that include the fix.
4) Monitor system logs and kernel memory usage metrics for signs of resource leaks or instability that could indicate exploitation or manifestation of this vulnerability.
5) Implement robust system monitoring and alerting to detect abnormal kernel behavior or crashes.
6) Where feasible, consider architectural changes to reduce reliance on vulnerable PowerPC Linux systems or isolate them within network segments to limit impact.
These steps go beyond generic patching advice by emphasizing hardware architecture identification, vendor coordination, and proactive monitoring tailored to this specific vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.569Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe59d9
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 7:10:50 AM
Last updated: 8/17/2025, 10:23:19 AM