CVE-2022-49714: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:24:30 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

irqchip/realtek-rtl: Fix refcount leak in map_interrupts

of_find_node_by_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. This function doesn't call of_node_put() in error path. Call of_node_put() directly after of_property_read_u32() to cover both normal path and error path.

AI-Powered Analysis

Last updated: 06/30/2025, 00:39:59 UTC

Technical Analysis

CVE-2022-49714 is a reference count leak in the Linux kernel's irqchip/realtek-rtl driver, in the map_interrupts function. of_find_node_by_phandle() returns a pointer to a device tree node with its reference count incremented, so the caller must release it with of_node_put() once the node is no longer needed. map_interrupts did not call of_node_put() on the error path after of_property_read_u32(), so the reference was leaked whenever that path was taken. Over time, this leak can cause resource exhaustion or instability in the kernel due to unreleased references. The fix calls of_node_put() immediately after of_property_read_u32(), which covers both the normal and the error execution path. This vulnerability affects Linux kernel versions containing the specified commit hashes and is related to the Realtek RTL interrupt controller driver. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
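
The leak and its fix can be reproduced in a small userspace model. The C below is an added example, not the driver's code or the upstream patch: struct device_node and the three of_* helpers are simplified stand-ins with reduced signatures, and map_leaky, map_fixed and leaked_refs are hypothetical names.

```c
/* Userspace model of the refcount pattern: simplified stand-ins, not kernel code. */
#include <errno.h>
#include <stdio.h>

struct device_node { int refcount; int has_prop; unsigned value; };

/* Stand-in: a successful lookup returns the node with its refcount incremented. */
static struct device_node *of_find_node_by_phandle(struct device_node *n) {
    if (n) n->refcount++;
    return n;
}
static void of_node_put(struct device_node *n) { if (n) n->refcount--; }

/* Stand-in with a reduced signature: fails when the property is absent. */
static int of_property_read_u32(const struct device_node *n, unsigned *out) {
    if (!n->has_prop) return -EINVAL;
    *out = n->value;
    return 0;
}

/* Pre-fix shape: the error return skips of_node_put(). */
static int map_leaky(struct device_node *target, unsigned *out) {
    struct device_node *np = of_find_node_by_phandle(target);
    if (!np) return -EINVAL;
    if (of_property_read_u32(np, out)) return -EINVAL; /* reference never dropped */
    of_node_put(np);
    return 0;
}

/* Fixed shape: drop the reference right after the read, before branching. */
static int map_fixed(struct device_node *target, unsigned *out) {
    struct device_node *np = of_find_node_by_phandle(target);
    if (!np) return -EINVAL;
    int ret = of_property_read_u32(np, out);
    of_node_put(np); /* covers both the normal and the error path */
    return ret;
}

/* References still held after one call on a constructed node (initial count 1). */
static int leaked_refs(int (*fn)(struct device_node *, unsigned *), int has_prop) {
    struct device_node n = { 1, has_prop, 1 };
    unsigned v = 0;
    fn(&n, &v);
    return n.refcount - 1;
}

int main(void) {
    printf("error path leaks: pre-fix=%d fixed=%d\n",
           leaked_refs(map_leaky, 0), leaked_refs(map_fixed, 0));
    return 0;
}
```

Each pass through the pre-fix error path leaves one reference outstanding, while the fixed ordering returns the count to its starting value on both paths.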

Potential Impact

For European organizations, the impact of CVE-2022-49714 depends largely on their use of Linux systems running affected kernel versions with the Realtek RTL irqchip driver enabled. The vulnerability could lead to kernel instability or denial of service conditions due to resource leaks, potentially affecting critical infrastructure, servers, or embedded devices. Organizations relying on Linux-based systems in telecommunications, industrial control, or networking equipment that use Realtek hardware could see degraded system reliability or unexpected reboots. Although no direct data confidentiality or integrity compromise is indicated, availability could be impacted, which is critical for business continuity and service delivery. Given the ubiquity of Linux in European IT environments, especially in servers and embedded systems, unpatched systems could face operational disruptions. However, the lack of known exploits and the need for specific hardware and kernel configurations somewhat limit the immediate risk.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel to the latest patched versions that include the fix for CVE-2022-49714. Specifically, kernel maintainers and system administrators should verify that the Realtek RTL irqchip driver is updated to include the corrected reference counting behavior. For embedded or specialized devices, firmware or kernel updates from vendors should be applied promptly. Additionally, organizations should audit their Linux systems to identify those running affected kernel versions and hardware configurations. Implementing monitoring for kernel stability and resource usage can help detect potential exploitation or impact. Where possible, restricting access to systems with vulnerable kernels and minimizing exposure to untrusted inputs can reduce risk. Coordination with hardware vendors and Linux distribution maintainers is recommended to ensure timely patch deployment.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:21:30.444Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe4909

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/30/2025, 12:39:59 AM

Last updated: 8/20/2025, 5:10:36 PM
