CVE-2022-49719 is a vulnerability identified in the Linux kernel specifically within the irqchip/gic/realview component. The issue arises from a reference count leak in the function realview_gic_of_init. The root cause is that the function of_find_matching_node_and_match() returns a device tree node pointer with its reference count incremented, but the corresponding decrement function of_node_put() was not called when the node was no longer needed. This omission leads to a reference count leak, which can cause resource exhaustion over time. The vulnerability is related to improper management of kernel object lifetimes, specifically device tree nodes used in the initialization of the Generic Interrupt Controller (GIC) on RealView platforms. Although this is a memory/resource management issue rather than a direct code execution or privilege escalation flaw, it can degrade system stability and potentially lead to denial of service (DoS) conditions if exploited or triggered repeatedly. The vulnerability affects certain Linux kernel versions identified by the commit hash 82b0a434b436f5da69ddd24bd6a6fa5dc4484310. There are no known exploits in the wild, and no CVSS score has been assigned yet. The fix involves adding the missing of_node_put() call to properly decrement the reference count and prevent the leak.

For European organizations, the impact of CVE-2022-49719 is primarily related to system reliability and availability. Systems running affected Linux kernel versions on hardware platforms using the RealView GIC interrupt controller may experience resource leaks that degrade performance or cause kernel instability over time. This could lead to unexpected system crashes or reboots, impacting critical infrastructure, servers, or embedded devices. While this vulnerability does not directly expose confidentiality or integrity risks, the resulting denial of service conditions could disrupt business operations, especially in environments relying on Linux-based embedded systems or specialized hardware. Organizations in sectors such as telecommunications, manufacturing, or critical infrastructure that deploy Linux on ARM-based or RealView platforms should be particularly aware. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or accidental triggering of the leak.

To mitigate this vulnerability, European organizations should: 1) Identify and inventory all Linux systems running kernel versions that include the affected commit hash or earlier versions lacking the fix. 2) Apply the official Linux kernel patches that add the missing of_node_put() call to the irqchip/gic/realview driver code. This may require updating the kernel to a fixed version provided by the Linux vendor or distribution. 3) For embedded or specialized devices where kernel updates are challenging, coordinate with hardware or device vendors to obtain patched firmware or kernel images. 4) Monitor system logs and kernel metrics for signs of resource leaks or instability that could indicate the vulnerability is being triggered. 5) Implement robust system monitoring and automated reboot or failover mechanisms to minimize operational impact in case of instability. 6) Maintain an up-to-date asset management and patching process to quickly address similar kernel vulnerabilities in the future. These steps go beyond generic advice by emphasizing hardware platform identification, vendor coordination, and proactive monitoring specific to this kernel component.