CVE-2022-49757 is a vulnerability identified in the Linux kernel's EDAC (Error Detection and Correction) subsystem, specifically within the highbank_mc_probe() function. The issue arises when the function devres_open_group() fails and returns an -ENOMEM error code, indicating a memory allocation failure. In this failure scenario, the memory previously allocated by edac_mc_alloc() is not freed, resulting in a memory leak. The vulnerability is due to the absence of a call to edac_mc_free() in the error handling path, which would otherwise release the allocated memory. This flaw can lead to gradual memory exhaustion on affected systems, potentially degrading system performance or causing instability over time. The vulnerability has been addressed by ensuring that edac_mc_free() is invoked appropriately when devres_open_group() fails, thus preventing the memory leak. The affected versions are identified by a specific commit hash, indicating that the vulnerability exists in certain Linux kernel builds prior to the fix. There are no known exploits in the wild targeting this vulnerability, and no CVSS score has been assigned yet. The vulnerability is primarily a resource management bug rather than a direct code execution or privilege escalation flaw.

For European organizations relying on Linux-based systems, especially those using kernels with the affected EDAC highbank driver, this vulnerability could lead to memory leaks that degrade system reliability and availability. Over time, the leak could cause increased memory consumption, potentially leading to system slowdowns, crashes, or forced reboots, impacting critical infrastructure or services. Organizations operating servers, embedded systems, or network devices running vulnerable Linux kernels may experience reduced uptime or performance issues. While the vulnerability does not directly compromise confidentiality or integrity, the availability impact could disrupt business operations, particularly in sectors such as telecommunications, manufacturing, or data centers where Linux is prevalent. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or accidental system failures due to resource exhaustion.

European organizations should promptly identify Linux systems running kernels containing the vulnerable EDAC highbank driver code. Applying the official Linux kernel patches that fix CVE-2022-49757 is the most effective mitigation. If immediate patching is not feasible, organizations should monitor system memory usage closely on affected hosts to detect abnormal memory growth indicative of leaks. Implementing automated alerts for memory exhaustion thresholds can help preempt system instability. Additionally, organizations should review and update their kernel versions during regular maintenance cycles to incorporate security fixes. For embedded or specialized devices, coordinate with vendors to obtain updated firmware or kernel versions. Avoid running untrusted or unnecessary kernel modules to reduce attack surface. Finally, maintain robust backup and recovery procedures to minimize downtime in case of system failures caused by this or related issues.