CVE-2022-49784: Vulnerability in Linux Linux

Medium
Published: Thu May 01 2025 (05/01/2025, 14:09:17 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/amd/uncore: Fix memory leak for events array

When a CPU comes online, the per-CPU NB and LLC uncore contexts are freed but not the events array within the context structure. This causes a memory leak as identified by the kmemleak detector.

    [...]
    unreferenced object 0xffff8c5944b8e320 (size 32):
      comm "swapper/0", pid 1, jiffies 4294670387 (age 151.072s)
      hex dump (first 32 bytes):
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      backtrace:
        [<000000000759fb79>] amd_uncore_cpu_up_prepare+0xaf/0x230
        [<00000000ddc9e126>] cpuhp_invoke_callback+0x2cf/0x470
        [<0000000093e727d4>] cpuhp_issue_call+0x14d/0x170
        [<0000000045464d54>] __cpuhp_setup_state_cpuslocked+0x11e/0x330
        [<0000000069f67cbd>] __cpuhp_setup_state+0x6b/0x110
        [<0000000015365e0f>] amd_uncore_init+0x260/0x321
        [<00000000089152d2>] do_one_initcall+0x3f/0x1f0
        [<000000002d0bd18d>] kernel_init_freeable+0x1ca/0x212
        [<0000000030be8dde>] kernel_init+0x11/0x120
        [<0000000059709e59>] ret_from_fork+0x22/0x30
    unreferenced object 0xffff8c5944b8dd40 (size 64):
      comm "swapper/0", pid 1, jiffies 4294670387 (age 151.072s)
      hex dump (first 32 bytes):
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      backtrace:
        [<00000000306efe8b>] amd_uncore_cpu_up_prepare+0x183/0x230
        [<00000000ddc9e126>] cpuhp_invoke_callback+0x2cf/0x470
        [<0000000093e727d4>] cpuhp_issue_call+0x14d/0x170
        [<0000000045464d54>] __cpuhp_setup_state_cpuslocked+0x11e/0x330
        [<0000000069f67cbd>] __cpuhp_setup_state+0x6b/0x110
        [<0000000015365e0f>] amd_uncore_init+0x260/0x321
        [<00000000089152d2>] do_one_initcall+0x3f/0x1f0
        [<000000002d0bd18d>] kernel_init_freeable+0x1ca/0x212
        [<0000000030be8dde>] kernel_init+0x11/0x120
        [<0000000059709e59>] ret_from_fork+0x22/0x30
    [...]

Fix the problem by freeing the events array before freeing the uncore context.

AI-Powered Analysis

Last updated: 06/30/2025, 01:39:32 UTC

Technical Analysis

CVE-2022-49784 is a vulnerability identified in the Linux kernel specifically within the perf subsystem for x86 AMD processors, related to the uncore performance monitoring context management. The flaw arises when a CPU comes online and the kernel frees the per-CPU Northbridge (NB) and Last Level Cache (LLC) uncore contexts but neglects to free the associated events array within the context structure. This omission results in a memory leak, as detected by the kernel memory leak detector (kmemleak). The vulnerability is rooted in the amd_uncore_cpu_up_prepare function, which is responsible for preparing uncore performance monitoring contexts when CPUs are brought online. The events array, which tracks performance events, remains allocated and unreferenced, causing continuous memory consumption over time. Although this issue does not directly lead to privilege escalation, code execution, or data corruption, the memory leak can degrade system performance and stability, especially on systems with frequent CPU hotplug events or long uptimes. The fix involves explicitly freeing the events array before releasing the uncore context, ensuring proper resource cleanup. This vulnerability affects Linux kernel versions identified by the provided commit hashes and is relevant for systems running AMD x86 processors with perf monitoring enabled. No known exploits are currently reported in the wild, and no CVSS score has been assigned to this vulnerability.
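
The free-ordering problem described above, reduced to a userspace C model. This is an added example, not the kernel's code or the upstream patch; `struct ctx`, `ctx_free_leaky`, `ctx_free_fixed` and `run_hotplug` are hypothetical names, and 4 pointer slots are chosen so the orphaned array matches the 32-byte object in the report on a 64-bit build.

```c
/* Userspace model of the leak pattern; not kernel code. Names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
static long live_bytes;          /* bytes the model still counts as allocated */

struct ctx {                     /* stand-in for a per-CPU uncore context */
    size_t events_sz;
    void **events;               /* separately allocated events array */
};

static struct ctx *ctx_alloc(size_t nr_events) {
    struct ctx *c = calloc(1, sizeof(*c));
    if (!c) return NULL;
    c->events = calloc(nr_events, sizeof(void *));
    if (!c->events) { free(c); return NULL; }
    c->events_sz = nr_events * sizeof(void *);
    live_bytes += (long)(sizeof(*c) + c->events_sz);
    return c;
}

/* Pre-fix pattern: only the outer structure is released. */
static void ctx_free_leaky(struct ctx *c) {
    live_bytes -= (long)sizeof(*c);
    free(c);                     /* c->events is now unreferenced */
}

/* Fixed pattern: free the events array before the context. */
static void ctx_free_fixed(struct ctx *c) {
    live_bytes -= (long)(sizeof(*c) + c->events_sz);
    free(c->events);
    free(c);
}

/* Run `cycles` online events; return bytes left allocated in the model. */
static long run_hotplug(int cycles, size_t nr_events, int fixed) {
    live_bytes = 0;
    for (int i = 0; i < cycles; i++) {
        struct ctx *c = ctx_alloc(nr_events);
        if (!c) return -1;
        void **orphan = fixed ? NULL : c->events;
        if (fixed) ctx_free_fixed(c); else ctx_free_leaky(c);
        free(orphan);            /* harness-only cleanup so the demo itself is leak-free */
    }
    return live_bytes;
}

int main(void) {
    printf("leaky: %ld B, fixed: %ld B\n", run_hotplug(1000, 4, 0), run_hotplug(1000, 4, 1));
    return 0;
}
```

The leaked total grows linearly with the number of online cycles in the pre-fix path and stays at zero once the inner array is released first.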

Potential Impact

For European organizations, the impact of CVE-2022-49784 is primarily related to system reliability and resource management rather than direct security compromise. Organizations running Linux servers, particularly those utilizing AMD x86 processors in data centers, cloud environments, or critical infrastructure, may experience gradual memory consumption leading to degraded performance or potential system instability over time. This can affect high-availability services, virtualized environments, and performance monitoring operations. While the vulnerability does not enable attackers to gain unauthorized access or execute arbitrary code, the memory leak could indirectly increase operational costs due to more frequent system reboots or maintenance. In environments with dynamic CPU hotplugging (e.g., cloud platforms scaling CPU resources), the leak could accumulate faster, exacerbating the impact. Therefore, European enterprises relying on Linux-based infrastructure should consider this vulnerability in their risk assessments to maintain system health and service continuity.

Mitigation Recommendations

To mitigate CVE-2022-49784, European organizations should:

1) Apply the official Linux kernel patches that fix the memory leak by ensuring the events array is freed properly during CPU online events. This requires updating to a kernel version that includes the fix or backporting the patch if using long-term support kernels.
2) Monitor system memory usage and kernel logs for signs of memory leaks related to perf subsystem activity, especially on systems with frequent CPU hotplug events.
3) Limit or control CPU hotplug operations where feasible to reduce the frequency of triggering the vulnerable code path.
4) Employ kernel memory leak detection tools such as kmemleak in testing and staging environments to proactively identify similar issues.
5) Coordinate with hardware vendors and Linux distribution maintainers to ensure timely deployment of patched kernels.
6) For critical systems, consider implementing automated kernel update mechanisms to reduce the window of exposure.

These steps go beyond generic advice by focusing on operational practices tailored to the nature of this memory leak vulnerability.
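
For steps 2 and 4, a small triage helper that tallies kmemleak records by their allocating function, so reports can be checked for the `amd_uncore_cpu_up_prepare` signature. This is an added example, not part of the original page or any kernel tool; `tally_by_allocator` is a hypothetical name and the sample is trimmed from the report quoted in the description.

```c
/* kmemleak report triage; added example, not kernel or vendor code. */
#include <stdio.h>
#include <string.h>

struct tally { int objects; unsigned long bytes; };

/* Count unreferenced objects whose first backtrace frame is `func`. */
static struct tally tally_by_allocator(const char *report, const char *func) {
    struct tally t = {0, 0};
    unsigned long size = 0, sz;
    int want_frame = 0;                  /* 1 once "backtrace:" has been seen */
    size_t flen = strlen(func);
    for (const char *line = report; line && *line; ) {
        const char *eol = strchr(line, '\n');
        const char *p = line + strspn(line, " \t");
        if (sscanf(p, "unreferenced object %*s (size %lu)", &sz) == 1) {
            size = sz; want_frame = 0;   /* new record: remember its size */
        } else if (strncmp(p, "backtrace:", 10) == 0) {
            want_frame = 1;
        } else if (want_frame && strncmp(p, "[<", 2) == 0) {
            const char *sym = strstr(p, ">] ");
            if (sym && (!eol || sym < eol) &&
                strncmp(sym + 3, func, flen) == 0 && sym[3 + flen] == '+') {
                t.objects++;
                t.bytes += size;
            }
            want_frame = 0;              /* only the first frame identifies the allocator */
        }
        line = eol ? eol + 1 : NULL;
    }
    return t;
}

/* Sample trimmed from the report in the description (comm and hex dump lines dropped). */
static const char SAMPLE[] =
    "unreferenced object 0xffff8c5944b8e320 (size 32):\n"
    "  backtrace:\n"
    "    [<000000000759fb79>] amd_uncore_cpu_up_prepare+0xaf/0x230\n"
    "    [<00000000ddc9e126>] cpuhp_invoke_callback+0x2cf/0x470\n"
    "unreferenced object 0xffff8c5944b8dd40 (size 64):\n"
    "  backtrace:\n"
    "    [<00000000306efe8b>] amd_uncore_cpu_up_prepare+0x183/0x230\n"
    "    [<00000000ddc9e126>] cpuhp_invoke_callback+0x2cf/0x470\n";

int main(void) {
    struct tally t = tally_by_allocator(SAMPLE, "amd_uncore_cpu_up_prepare");
    printf("%d objects, %lu bytes\n", t.objects, t.bytes);
    return 0;
}
```

On a kernel built with kmemleak support, the report text is read from `/sys/kernel/debug/kmemleak`.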

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-05-01T14:05:17.223Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe4ba6

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/30/2025, 1:39:32 AM

Last updated: 7/30/2025, 10:35:26 PM
