
CVE-2022-49473: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:13:16 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*

of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak.

AI-Powered Analysis

Last updated: 06/30/2025, 16:12:41 UTC

Technical Analysis

CVE-2022-49473 is a vulnerability in the Linux kernel's ALSA System on Chip (ASoC) layer, in the driver for the Texas Instruments (TI) J721E Evaluation Module (j721e-evm). The issue arises from improper reference count management in the j721e_soc_probe_* functions. of_parse_phandle() returns a device tree node pointer with its reference count incremented, but the code fails to call of_node_put() to decrement the count when the node pointer is no longer needed, resulting in a reference count leak. This leak can cause resource exhaustion over time as the kernel accumulates unreleased references to device tree nodes, potentially leading to degraded system performance or instability. The vulnerability is a memory management flaw rather than a direct code execution or privilege escalation issue. It affects specific versions of the Linux kernel that include the affected ASoC driver code for the TI J721E platform. No known exploits are reported in the wild, and no CVSS score has been assigned. The fix adds the missing of_node_put() calls to balance the reference counting and prevent the leak.
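The leak pattern described above, reduced to a userspace C model as an added example (not the kernel's or the driver's code). The names model_parse_phandle(), model_node_put(), probe_leaky(), probe_fixed() and leaked_refs() are hypothetical, and the model assumes the probe needs the node only during setup.

```c
/* Userspace model of the refcount pattern; constructed, not kernel or driver code. */
#include <stdio.h>
struct device_node { const char *name; int refcount; };

/* Stand-ins for of_parse_phandle() and of_node_put(): take / drop one reference. */
static struct device_node *model_parse_phandle(struct device_node *target)
{
    if (target)
        target->refcount++;
    return target;
}
static void model_node_put(struct device_node *np)
{
    np->refcount--;
}

/* Leaky shape: every exit after a successful lookup keeps the reference. */
static int probe_leaky(struct device_node *dt_node, int setup_fails)
{
    struct device_node *np = model_parse_phandle(dt_node);
    if (!np)
        return -1;                  /* lookup failed, nothing was taken */
    return setup_fails ? -2 : 0;    /* np is never released */
}

/* Balanced shape: the reference is dropped before any return that follows the lookup. */
static int probe_fixed(struct device_node *dt_node, int setup_fails)
{
    struct device_node *np = model_parse_phandle(dt_node);
    if (!np)
        return -1;
    model_node_put(np);             /* node no longer needed past this point */
    return setup_fails ? -2 : 0;
}

/* References still held after repeated probe attempts, alternating success and failure. */
static int leaked_refs(int (*probe)(struct device_node *, int), int attempts)
{
    struct device_node node = { "constructed-node", 1 };
    for (int i = 0; i < attempts; i++)
        probe(&node, i % 2);
    return node.refcount - 1;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", leaked_refs(probe_leaky, 10), leaked_refs(probe_fixed, 10));
    return 0;
}
```

In the model each probe attempt that reaches the lookup leaves one reference behind in the leaky version, whether setup succeeds or fails, so the count grows with every retry or rebind.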

Potential Impact

For European organizations, the impact of CVE-2022-49473 is primarily related to system stability and reliability rather than direct security compromise. Organizations using embedded systems or industrial devices based on the TI J721E platform running affected Linux kernel versions could experience gradual resource depletion due to the reference count leak. This could lead to system slowdowns, increased maintenance needs, or unexpected reboots if the kernel runs out of memory or other resources. Critical infrastructure or industrial control systems relying on these devices might face operational disruptions. However, since there is no indication of privilege escalation or remote code execution, the confidentiality and integrity of data are unlikely to be directly affected. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or stability issues.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel to versions where the patch for CVE-2022-49473 has been applied. Specifically, ensure that the ASoC driver for the TI J721E platform includes the fix that adds the missing of_node_put() calls. For embedded and industrial devices, coordinate with hardware vendors or system integrators to obtain updated firmware or kernel images. Implement monitoring of system resource usage, particularly memory and kernel reference counts, to detect potential leaks early. In environments where immediate patching is not feasible, consider system restarts as a temporary mitigation to clear leaked references and maintain stability. Additionally, conduct thorough testing of updated kernels in controlled environments before deployment to avoid regressions. Maintain an inventory of devices using the affected platform to ensure comprehensive coverage of mitigation efforts.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.579Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe5b5a

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 4:12:41 PM

Last updated: 8/10/2025, 11:04:02 PM
