CVE-2022-49718 is a vulnerability identified in the Linux kernel specifically within the irqchip/apple-aic driver component. The issue arises from a reference count leak in the function aic_of_ic_init. The root cause is improper handling of device tree node references: the function of_get_child_by_name() returns a node pointer with its reference count incremented, but the code failed to call of_node_put() to decrement the reference count when the node is no longer needed. This omission leads to a reference count leak, which can cause resource exhaustion over time. While this vulnerability does not directly allow code execution or privilege escalation, the leak of kernel object references can degrade system stability and potentially lead to denial of service (DoS) conditions if the kernel runs out of resources. The vulnerability affects Linux kernel versions containing the affected commit a5e8801202b318622ea526aa5625e5f7eceb4d26. The fix involves adding the missing of_node_put() call to properly manage the reference count and prevent the leak. There are no known exploits in the wild at this time, and no CVSS score has been assigned. The vulnerability is technical and low-level, affecting the kernel's device tree management for Apple interrupt controller (AIC) on ARM platforms. Exploitation would require local access to the system and the ability to trigger the vulnerable code path, which is typically during device initialization or reconfiguration.

For European organizations, the impact of CVE-2022-49718 is primarily related to system stability and availability rather than confidentiality or integrity. Organizations running Linux systems with Apple AIC irqchip support—commonly ARM-based devices or embedded systems—may experience kernel resource leaks leading to degraded performance or system crashes over time. This could affect critical infrastructure or embedded devices used in industrial control, telecommunications, or IoT deployments. Although the vulnerability does not enable direct remote exploitation or privilege escalation, persistent resource leaks can cause denial of service, impacting operational continuity. European enterprises relying on ARM-based Linux devices in production environments should be aware of potential stability issues if unpatched. However, the overall risk is moderate given the requirement for local access and the specific hardware dependency. The absence of known exploits reduces immediate threat, but unpatched systems could be vulnerable to future exploitation or accidental DoS conditions.

To mitigate CVE-2022-49718, organizations should apply the official Linux kernel patches that include the fix for the reference count leak in the irqchip/apple-aic driver. Specifically, ensure that the kernel version includes the commit addressing the missing of_node_put() call. For embedded or ARM-based Linux systems, coordinate with hardware vendors or maintainers to obtain updated kernel builds. Additionally, implement monitoring for kernel resource usage and system stability to detect early signs of resource exhaustion. Limit local access to trusted users to reduce the risk of triggering the vulnerable code path. For environments where kernel updates are challenging, consider isolating affected devices or using kernel lockdown features to restrict module loading and device reconfiguration. Regularly review device tree configurations and kernel logs for anomalies related to irqchip initialization. Finally, maintain a robust patch management process to quickly deploy kernel updates when available.