
CVE-2022-49652: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:23:53 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate

of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not needed anymore. Add missing of_node_put() in to fix this.

AI-Powered Analysis

Last updated: 06/29/2025, 23:54:52 UTC

Technical Analysis

CVE-2022-49652 is a vulnerability identified in the Linux kernel specifically related to the Direct Memory Access (DMA) engine subsystem, more precisely within the Texas Instruments (TI) driver for the DRA7x crossbar (ti_dra7_xbar). The issue arises from a reference count leak caused by improper management of device tree node pointers. The function of_parse_phandle() returns a node pointer with its reference count incremented, which requires a corresponding call to of_node_put() to decrement the reference count when the node pointer is no longer needed. The vulnerability exists because the Linux kernel code omitted this necessary call, leading to a reference count leak. Over time, this leak can cause resource exhaustion in the kernel, potentially leading to degraded system performance or instability. While this is not a direct code execution or privilege escalation vulnerability, the leak in kernel resources can be exploited by an attacker with the ability to trigger the affected code path repeatedly, potentially leading to denial of service (DoS) conditions. The vulnerability affects specific versions of the Linux kernel containing the TI DMA engine driver code before the patch was applied. The fix involves adding the missing of_node_put() call to properly manage the lifecycle of the device tree node pointers and prevent the reference count leak. There are no known exploits in the wild for this vulnerability, and no CVSS score has been assigned. The vulnerability requires local access to the system and interaction with the affected driver code to trigger the leak.
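The reference-count contract described above can be reproduced in a small userspace model. This is an added example, not the kernel driver's code or the upstream patch: model_parse_phandle() and model_node_put() stand in for of_parse_phandle() and of_node_put(), and the struct names, the bad_request flag and the two route_allocate_* functions are hypothetical.

```c
/* Added userspace model, not kernel code: every name here is a stand-in. */
#include <stdio.h>

struct node { int refcount; };          /* stand-in for struct device_node */
struct xbar { struct node *master; };   /* hypothetical: node a phandle refers to */

/* Models of_parse_phandle(): returns the target with its refcount incremented. */
static struct node *model_parse_phandle(struct xbar *x)
{
    if (x->master)
        x->master->refcount++;
    return x->master;
}

/* Models of_node_put(): drops one reference; NULL is a no-op. */
static void model_node_put(struct node *n) { if (n) n->refcount--; }

/* Leaky shape: success and error paths both return while holding the reference. */
static int route_allocate_leaky(struct xbar *x, int bad_request)
{
    struct node *master = model_parse_phandle(x);
    return (!master || bad_request) ? -1 : 0;   /* no put: reference leaks */
}

/* Fixed shape: the reference is released before every return. */
static int route_allocate_fixed(struct xbar *x, int bad_request)
{
    struct node *master = model_parse_phandle(x);
    int ret = (!master || bad_request) ? -1 : 0;
    model_node_put(master);
    return ret;
}

/* References still held after `calls` allocations, alternating ok/error paths. */
static int leaked_after(int calls, int (*alloc)(struct xbar *, int))
{
    struct node master = { 1 };         /* constructed sample node, one base ref */
    struct xbar x = { &master };
    for (int i = 0; i < calls; i++)
        alloc(&x, i & 1);
    return master.refcount - 1;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", leaked_after(1000, route_allocate_leaky),
           leaked_after(1000, route_allocate_fixed));
    return 0;
}
```

In the model, each call to the leaky variant leaves one reference outstanding, so the node can never be released; the fixed variant returns the count to its starting value on both paths.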

Potential Impact

For European organizations, the impact of CVE-2022-49652 is primarily related to system stability and availability rather than confidentiality or integrity. Organizations running Linux systems with TI DRA7x hardware or similar embedded devices that use the affected DMA engine driver could experience resource exhaustion leading to kernel instability or crashes if the vulnerability is exploited. This could disrupt critical services, especially in industrial, telecommunications, or embedded environments where such hardware is common. Given the nature of the vulnerability, it is less likely to be exploited remotely without local access or specific conditions to trigger the leak. However, in environments where Linux is used in embedded systems or specialized hardware (e.g., IoT devices, network equipment), the vulnerability could be leveraged to cause denial of service, impacting operational continuity. European organizations with infrastructure relying on these systems should be aware of the potential for service degradation and plan accordingly. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed proactively to prevent future exploitation.

Mitigation Recommendations

To mitigate CVE-2022-49652, European organizations should:

1) Identify and inventory Linux systems running kernels with the affected TI DMA engine driver, particularly those using TI DRA7x hardware or similar embedded platforms.
2) Apply the official Linux kernel patches that add the missing of_node_put() call to fix the reference count leak as soon as they become available from trusted sources or Linux distributions.
3) For embedded or specialized devices where kernel updates are not straightforward, coordinate with hardware vendors or device manufacturers to obtain firmware or kernel updates addressing this vulnerability.
4) Monitor system logs and kernel metrics for signs of resource exhaustion or instability that could indicate attempts to exploit this leak.
5) Limit local access to systems running the affected kernel versions to trusted personnel only, reducing the risk of exploitation.
6) Implement robust system monitoring and alerting to detect abnormal system behavior that could result from resource leaks.
7) Consider network segmentation and access controls to isolate vulnerable embedded devices from critical infrastructure where possible.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:21:30.433Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe474c

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/29/2025, 11:54:52 PM

Last updated: 8/3/2025, 10:25:46 AM
