CVE-2022-49455: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:13:04 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

misc: ocxl: fix possible double free in ocxl_file_register_afu

info_release() will be called in device_unregister() when info->dev's reference count is 0. So there is no need to call ocxl_afu_put() and kfree() again.

Fix this by adding free_minor() and return to err_unregister error path.

AI-Powered Analysis

Last updated: 06/30/2025, 07:28:06 UTC

Technical Analysis

CVE-2022-49455 is a vulnerability in the Linux kernel, specifically in the OpenCAPI accelerator (ocxl) driver of the misc subsystem. The flaw is a memory-management error: a double free can occur in the function ocxl_file_register_afu(). The root cause is that info_release() is invoked during device_unregister() when the device's reference count reaches zero, and that callback already releases the resources. The vulnerable code nevertheless calls ocxl_afu_put() and kfree() again, leading to a potential double free of memory. This can cause undefined behavior, including kernel crashes, memory corruption, or potentially exploitable conditions for privilege escalation or denial of service. The fix adds a free_minor() call and returns early on the err_unregister error path to prevent the double free. The vulnerability affects specific Linux kernel versions identified by commit hashes, indicating it is present in certain recent or development builds of the kernel. No known exploits have been reported in the wild to date, and no CVSS score has been assigned yet. The vulnerability is technical and low-level, affecting kernel memory management in a specialized driver module for hardware accelerators that use the OpenCAPI interface.
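The error path described above, as an added userspace model in C (not the kernel's ocxl code and not taken from this page's source). Every struct and function name is a hypothetical stand-in, and a one-slot allocator replaces kfree() so that the repeated free is counted rather than executed.

```c
#include <stdio.h>

/* Userspace model of the error path; all names are hypothetical stand-ins,
 * not the kernel's ocxl code. */
struct afu { int refs; };
struct dev { int refs; void (*release)(struct dev *); };
struct file_info { struct dev dev; struct afu *afu; };   /* dev is first */
/* One-slot allocator: a repeated free is counted instead of being real UB. */
static struct file_info slot;
static int slot_live, double_frees, minor_in_use;

static struct file_info *slot_alloc(void) { slot_live = 1; return &slot; }
static void slot_free(struct file_info *p) {
    (void)p;
    if (!slot_live) { double_frees++; return; }
    slot_live = 0;
}

/* Release callback: runs when the device refcount hits 0 and owns cleanup. */
static void info_release(struct dev *d) {
    struct file_info *info = (struct file_info *)d;   /* dev is first member */
    info->afu->refs--;                /* puts the AFU reference held by info */
    slot_free(info);
}
static void dev_unregister(struct dev *d) { if (--d->refs == 0) d->release(d); }

/* Simulates a failure after the device is registered and returns the number
 * of double frees detected. fixed=0: falls through to manual cleanup;
 * fixed=1: returns right after unregistering. */
static int register_afu_fail(struct afu *afu, int fixed) {
    struct file_info *info = slot_alloc();
    double_frees = 0;
    afu->refs++;                      /* info takes a reference on the AFU */
    info->afu = afu;
    info->dev = (struct dev){ 1, info_release };
    minor_in_use = 1;
    dev_unregister(&info->dev);       /* release callback puts AFU, frees info */
    minor_in_use = 0;                 /* free_minor() stand-in, still required */
    if (fixed) return double_frees;   /* nothing left to release */
    afu->refs--;                      /* extra put drops the owner's reference */
    slot_free(info);                  /* second free of the same object */
    return double_frees;
}

int main(void) {
    struct afu a = { 1 }, b = { 1 };  /* each AFU starts with one owner ref */
    int pre = register_afu_fail(&a, 0), post = register_afu_fail(&b, 1);
    printf("pre-fix: double_frees=%d refs=%d; post-fix: double_frees=%d refs=%d\n",
           pre, a.refs, post, b.refs);
    return 0;
}
```

In the pre-fix variant the AFU's reference count also ends one too low, so the owner's reference is gone as well as the object being freed twice.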

Potential Impact

For European organizations, the impact of CVE-2022-49455 depends largely on the deployment of Linux systems running affected kernel versions with the ocxl driver enabled. Organizations utilizing Linux servers or infrastructure with OpenCAPI accelerator hardware could face risks of system instability or crashes due to kernel memory corruption. Although no active exploits are known, the vulnerability could be leveraged by attackers with local access to cause denial of service or potentially escalate privileges if combined with other vulnerabilities. This poses a risk to data center operations, cloud service providers, and enterprises relying on Linux-based high-performance computing or specialized hardware acceleration. The impact on confidentiality is limited unless exploited in a chained attack, but integrity and availability could be significantly affected. Given the technical nature, exploitation requires local access and specific hardware, limiting the attack surface but not eliminating risk for targeted attacks.

Mitigation Recommendations

European organizations should first identify if their Linux systems run kernel versions containing the vulnerable ocxl driver code, particularly if they use OpenCAPI accelerator hardware. Applying the official Linux kernel patches that fix this double free vulnerability is the primary mitigation step. If patching is not immediately feasible, disabling the ocxl driver or unloading the module can reduce exposure. System administrators should monitor kernel logs for unusual crashes or memory errors related to ocxl. Implementing strict access controls to limit local user privileges and prevent unauthorized local access reduces the risk of exploitation. Additionally, organizations should maintain up-to-date kernel versions and subscribe to Linux security advisories to promptly apply future fixes. For critical systems, consider isolating hardware accelerators or using virtualization/containerization to limit kernel-level attack impact.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.573Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe5a9c

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 7:28:06 AM

Last updated: 7/29/2025, 12:44:16 AM
