CVE-2022-49715 is a vulnerability identified in the Linux kernel, specifically within the irqchip/gic-v3 component that manages the Generic Interrupt Controller version 3 (GICv3). The issue stems from a reference count leak caused by improper handling of device tree node pointers returned by the function of_find_node_by_phandle(). This function returns a node pointer with an incremented reference count, which must be decremented using of_node_put() when the node is no longer needed. The vulnerability arises because the Linux kernel code failed to call of_node_put() in certain code paths, leading to a reference count leak. Over time, this leak can cause resource exhaustion in the kernel, potentially leading to degraded system performance or instability. The fix involves adding the missing of_node_put() calls to correctly manage the lifecycle of the node pointers and prevent the leak. This vulnerability affects Linux kernel versions identified by the commit hash e3825ba1af3a27d7522c9f5f929f5a13b8b138ae and possibly others in the same range. There are no known exploits in the wild, and no CVSS score has been assigned yet. The vulnerability is technical and subtle, related to kernel memory management and device tree handling, which are critical for hardware interrupt management on ARM-based systems using GICv3.

For European organizations, the impact of CVE-2022-49715 depends largely on their use of Linux systems running on ARM architectures with GICv3 interrupt controllers, which are common in embedded systems, telecommunications equipment, and some server environments. The reference count leak can lead to kernel resource exhaustion, causing system instability, crashes, or denial of service conditions. This can disrupt critical infrastructure, industrial control systems, or cloud services relying on affected Linux kernels. While the vulnerability does not directly allow privilege escalation or code execution, the resulting instability can be exploited by attackers to cause denial of service or to facilitate further attacks by destabilizing systems. Organizations in sectors such as telecommunications, manufacturing, and cloud service providers in Europe may face operational risks if their Linux-based infrastructure is affected. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or accidental system failures.

European organizations should prioritize patching Linux kernels to incorporate the fix that adds the missing of_node_put() calls, thereby preventing the reference count leak. Specifically, they should: 1) Identify all Linux systems running on ARM architectures with GICv3 support, including embedded devices, servers, and network equipment. 2) Apply vendor-provided kernel updates or backport the patch if using custom or older kernels. 3) Monitor system logs and kernel metrics for signs of resource leaks or instability that could indicate exploitation or impact from this vulnerability. 4) Implement strict change management and testing procedures to ensure kernel updates do not disrupt critical services. 5) For embedded or IoT devices that may not receive regular updates, consider network segmentation and access controls to limit exposure. 6) Engage with hardware and software vendors to confirm patch availability and deployment timelines. These steps go beyond generic advice by focusing on ARM/GICv3-specific environments and emphasizing proactive monitoring and vendor coordination.