CVE-2022-49874: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: fix possible memory leak in mousevsc_probe(). If hid_add_device() returns an error, it should call hid_destroy_device() to free hid_dev, which is allocated in hid_allocate_device().
AI Analysis
Technical Summary
CVE-2022-49874 is a vulnerability identified in the Linux kernel's Human Interface Device (HID) subsystem, specifically within the Hyper-V mouse driver component (mousevsc_probe function). The issue arises from improper error handling during device initialization: if the function hid_add_device() returns an error, the allocated device structure (hid_dev) is not properly freed because hid_destroy_device() is not called. This leads to a potential memory leak. The vulnerability is rooted in resource management flaws where allocated memory is not released upon failure, which can cause gradual memory exhaustion on affected systems. Although this is not a direct code execution or privilege escalation vulnerability, the memory leak can degrade system performance or stability over time, especially on systems that frequently initialize or reinitialize HID devices under Hyper-V virtualization environments. The flaw affects Linux kernel versions identified by the commit hash 74c4fb058083b47571a4f76dcfce95085f2d8098, indicating a specific code state before the fix was applied. The vulnerability has been publicly disclosed but there are no known exploits in the wild at this time. The fix involves ensuring that hid_destroy_device() is called to properly free the allocated device structure when hid_add_device() fails, thus preventing the memory leak. This vulnerability is relevant primarily to Linux systems running as guests on Microsoft Hyper-V hypervisors that utilize the mousevsc driver for input device handling.
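The error-path pattern described above, shown as an added example that is not the kernel's hid-hyperv.c source: the HID core calls (hid_allocate_device, hid_add_device, hid_destroy_device) are constructed stand-ins with a live-object counter and a fault-injection switch, so the leak on the failing path can be measured for the unfixed probe and confirmed absent for the fixed one.

```c
#include <stdlib.h>

/* Constructed stand-ins for the kernel HID core API (not the real kernel). */
struct hid_device { int added; };

static int live_hid_devices = 0;  /* hid_dev objects not yet destroyed */
static int fail_add = 0;          /* fault injection: make hid_add_device() fail */

static struct hid_device *hid_allocate_device(void)
{
    struct hid_device *h = calloc(1, sizeof(*h));
    if (h) live_hid_devices++;
    return h;
}

static void hid_destroy_device(struct hid_device *h)
{
    if (h) { live_hid_devices--; free(h); }
}

static int hid_add_device(struct hid_device *h)
{
    if (fail_add) return -1;  /* stands in for -ENOMEM, -ENODEV, ... */
    h->added = 1;
    return 0;
}

/* Probe logic before the fix: hid_dev is dropped when hid_add_device() fails. */
static int mousevsc_probe_leaky(void)
{
    struct hid_device *hid_dev = hid_allocate_device();
    if (!hid_dev) return -1;
    if (hid_add_device(hid_dev))
        return -1;  /* BUG: hid_dev is never released */
    return 0;       /* on success hid_dev is owned until remove() */
}

/* Probe logic after the fix: the error path releases hid_dev. */
static int mousevsc_probe_fixed(void)
{
    struct hid_device *hid_dev = hid_allocate_device();
    if (!hid_dev) return -1;
    if (hid_add_device(hid_dev)) {
        hid_destroy_device(hid_dev);  /* the fix */
        return -1;
    }
    return 0;
}

/* Run probe() n times with hid_add_device() failing; return live hid_dev count. */
static int leaked_after(int (*probe)(void), int n)
{
    live_hid_devices = 0;
    fail_add = 1;
    for (int i = 0; i < n; i++) probe();
    fail_add = 0;
    return live_hid_devices;
}
```

Each failed probe of the unfixed variant leaves one hid_dev behind, which is the gradual exhaustion the summary describes; the fixed variant leaves none.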
Potential Impact
For European organizations, the impact of CVE-2022-49874 is primarily related to system stability and resource management rather than direct compromise of confidentiality or integrity. Organizations running Linux virtual machines on Hyper-V infrastructure may experience gradual memory consumption increases due to the leak, potentially leading to degraded performance or system crashes if the leak accumulates over time. This can affect critical services hosted on such VMs, causing downtime or reduced availability. While the vulnerability does not enable remote code execution or privilege escalation, the indirect impact on availability could disrupt business operations, especially in environments with high VM density or frequent device initialization events. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or operational issues. European enterprises relying on Linux-based virtualized environments in Hyper-V, such as cloud providers, data centers, and large IT infrastructures, should consider this vulnerability in their risk assessments.
Mitigation Recommendations
To mitigate CVE-2022-49874, organizations should promptly apply the official Linux kernel patches that address the memory leak in the mousevsc_probe function. Specifically, ensure that the Linux kernel version in use includes the fix where hid_destroy_device() is called upon hid_add_device() failure. For environments where immediate patching is not feasible, monitoring system memory usage on Linux VMs running on Hyper-V can help detect abnormal memory consumption trends indicative of the leak. Additionally, limiting unnecessary device initialization or reinitialization events can reduce exposure. Organizations should also review their VM provisioning and lifecycle management processes to minimize frequent HID device probing. Employing kernel live patching solutions, if available, can reduce downtime associated with patch deployment. Finally, maintaining up-to-date Linux kernel versions and Hyper-V integration components will help prevent similar resource management issues.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-01T14:05:17.238Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982cc4522896dcbe4ef6
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 2:55:23 AM
Last updated: 8/13/2025, 11:04:19 AM