CVE-2022-49716: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions
of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when it is not needed anymore. When kcalloc fails, it is missing of_node_put() and results in a refcount leak. Fix this by goto out_put_node label.
AI Analysis
Technical Summary
CVE-2022-49716 is a vulnerability identified in the Linux kernel, specifically within the irqchip/gic-v3 driver component responsible for managing interrupt controllers on ARM architectures. The issue arises from improper error handling related to reference counting of device tree nodes. The function of_get_child_by_name() returns a node pointer with an incremented reference count, which must be decremented using of_node_put() when the node is no longer needed. However, in the vulnerable code path, when a memory allocation failure occurs (kcalloc fails), the code neglects to call of_node_put(), resulting in a reference count leak. This leak can cause resource exhaustion over time, potentially leading to system instability or denial of service. The fix involves adding a goto statement to the out_put_node label to ensure proper decrementing of the reference count even when allocation fails. This vulnerability is a memory/resource management flaw rather than a direct code execution or privilege escalation issue. It affects specific Linux kernel versions identified by the commit hashes provided. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
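The leak and its fix can be reproduced in a small userspace model. This is an added example, not the kernel source: `struct node`, `get_child`, `put_node`, `model_alloc`, `populate_buggy`, `populate_fixed` and `refcount_after` are hypothetical names standing in for the device tree node, of_get_child_by_name(), of_node_put(), kcalloc() and the two shapes of the error path; only the `out_put_node` label comes from the description.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-in for a device tree node; only the refcount is modelled. */
struct node { int refcount; };

/* Models of_get_child_by_name(): hands back the child with refcount raised. */
static struct node *get_child(struct node *child) { child->refcount++; return child; }

/* Models of_node_put(): drops the reference taken by get_child(). */
static void put_node(struct node *n) { n->refcount--; }

/* Models kcalloc(); a non-zero 'fail' forces the allocation-failure path. */
static void *model_alloc(int fail) { return fail ? NULL : calloc(4, 16); }

/* Pre-fix shape: the allocation-failure return skips the put. */
static void populate_buggy(struct node *child, int fail)
{
    struct node *parts = get_child(child);
    void *descs = model_alloc(fail);
    if (!descs)
        return;                /* reference on 'parts' is never dropped */
    free(descs);               /* model only: keeps the demo itself leak-free */
    put_node(parts);
}

/* Post-fix shape: the failure path jumps to the shared cleanup label. */
static void populate_fixed(struct node *child, int fail)
{
    struct node *parts = get_child(child);
    void *descs = model_alloc(fail);
    if (!descs)
        goto out_put_node;
    free(descs);               /* model only */
out_put_node:
    put_node(parts);
}

/* Runs one variant 'calls' times and returns the node's final refcount. */
static int refcount_after(void (*fn)(struct node *, int), int calls, int fail)
{
    struct node child = { .refcount = 1 };   /* constructed starting state */
    for (int i = 0; i < calls; i++)
        fn(&child, fail);
    return child.refcount;
}

int main(void)
{
    printf("buggy: %d, fixed: %d\n", refcount_after(populate_buggy, 3, 1),
           refcount_after(populate_fixed, 3, 1));
    return 0;
}
```

Each failed allocation in the pre-fix shape leaves one extra reference on the node, so the count only returns to its starting value when the cleanup label is reached on every path.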
Potential Impact
For European organizations, the primary impact of CVE-2022-49716 is related to system stability and availability, particularly for those running Linux on ARM-based platforms using the GICv3 interrupt controller, such as embedded systems, IoT devices, or specialized servers. Resource leaks can accumulate over time, potentially causing kernel crashes or degraded performance, which could disrupt critical services or industrial control systems. While this vulnerability does not directly expose confidentiality or integrity risks, the resulting denial of service could impact operational continuity. Organizations relying on Linux kernel versions containing this flaw should be aware of the risk of intermittent failures or crashes, especially in environments where uptime is critical. Since no active exploits are known, the immediate risk is moderate, but unpatched systems remain vulnerable to potential future exploitation or accidental system failures.
Mitigation Recommendations
European organizations should prioritize applying the official Linux kernel patches that address this reference count leak in the irqchip/gic-v3 driver. Since the vulnerability is related to kernel code, updating to a fixed kernel version is the most effective mitigation. For environments where immediate patching is not feasible, monitoring system logs for kernel warnings or errors related to irqchip or device tree nodes can help detect early signs of resource leaks. Additionally, implementing robust system monitoring and automated reboot policies can mitigate the impact of potential kernel instability. Organizations should also review their use of ARM-based Linux systems and consider isolating critical workloads or deploying redundancy to minimize service disruption. Engaging with Linux distribution vendors for timely updates and security advisories is recommended to ensure patches are applied promptly.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:21:30.445Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982cc4522896dcbe4911
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 12:40:17 AM
Last updated: 8/7/2025, 12:26:50 AM