CVE-2022-49922: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
nfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skb should be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send() will only free skb when i2c_master_send() returns >=0, which means skb will memleak when i2c_master_send() fails. Free skb no matter whether i2c_master_send() succeeds.
AI Analysis
Technical Summary
CVE-2022-49922 is a vulnerability identified in the Linux kernel's NFC (Near Field Communication) subsystem, specifically within the nfcmrvl driver that handles Marvell NFC controllers over I2C. The flaw exists in the function nfcmrvl_i2c_nci_send(), which is responsible for sending data packets (skb buffers) over the I2C bus. The vulnerability arises because nfcmrvl_i2c_nci_send() does not free the skb buffer if the underlying i2c_master_send() call fails (i.e., returns a negative value). Instead, skb is only freed when i2c_master_send() returns a non-negative value, leading to a potential memory leak when the send operation fails. This improper resource management can cause the kernel to consume increasing amounts of memory over time if the failure condition is triggered repeatedly. Although this is not a direct code execution or privilege escalation vulnerability, memory leaks in kernel space can degrade system stability and availability, potentially leading to denial of service (DoS) conditions. The vulnerability affects specific Linux kernel versions identified by the commit hash b5b3e23e4cace008e1a30e8614a484d14dfd07a1 and was publicly disclosed on May 1, 2025. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The fix involves ensuring that the skb buffer is freed regardless of the success or failure of the i2c_master_send() call, preventing memory leaks in all cases.
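
The ownership rule behind the fix, shown as an added example rather than the kernel driver's code: a user-space C model in which fake_skb, fake_i2c_master_send(), send_leaky() and send_fixed() are hypothetical stand-ins. It counts the buffers left allocated when the simulated bus fails on every send.

```c
/* User-space model of the skb ownership bug; this is not kernel code.
 * fake_skb, fake_i2c_master_send() and the send_* helpers are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct fake_skb { size_t len; unsigned char data[32]; };
static int live_skbs;   /* buffers allocated and not yet freed */
static int bus_fails;   /* non-zero: the simulated bus returns an error */

static struct fake_skb *skb_alloc(size_t len) {
    struct fake_skb *skb = calloc(1, sizeof(*skb));
    if (skb) { skb->len = len; live_skbs++; }
    return skb;
}
static void skb_free(struct fake_skb *skb) { if (skb) { free(skb); live_skbs--; } }

/* Stand-in for i2c_master_send(): bytes written, or a negative errno. */
static int fake_i2c_master_send(const struct fake_skb *skb) {
    return bus_fails ? -EIO : (int)skb->len;
}

/* Pattern the advisory describes: skb is freed only when ret >= 0. */
static int send_leaky(struct fake_skb *skb) {
    int ret = fake_i2c_master_send(skb);
    if (ret >= 0) { skb_free(skb); ret = 0; }
    return ret;         /* the error path returns with skb still allocated */
}

/* Fixed pattern: the callee owns skb and releases it on every path. */
static int send_fixed(struct fake_skb *skb) {
    int ret = fake_i2c_master_send(skb);
    skb_free(skb);
    return ret < 0 ? ret : 0;
}

/* Send n frames over a failing bus and report how many buffers leaked. */
static int leaked_after(int (*send)(struct fake_skb *), int n) {
    live_skbs = 0; bus_fails = 1;
    for (int i = 0; i < n; i++) { struct fake_skb *s = skb_alloc(16); if (s) send(s); }
    return live_skbs;
}

int main(void) {
    printf("leaky: %d buffers leaked\n", leaked_after(send_leaky, 1000));
    printf("fixed: %d buffers leaked\n", leaked_after(send_fixed, 1000));
    return 0;
}
```

Each failed send in the leaky variant strands one buffer, which is why the leak grows with the number of bus errors rather than with traffic volume.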
Potential Impact
For European organizations, this vulnerability primarily poses a risk to systems that utilize Linux kernels with the affected nfcmrvl NFC driver, particularly those employing NFC hardware interfaced via I2C. The impact is mainly on system stability and availability rather than confidentiality or integrity. In environments where NFC is critical—such as contactless payment systems, secure access control, or industrial IoT devices—repeated triggering of this memory leak could degrade performance or cause kernel crashes, resulting in denial of service. This could disrupt business operations, especially in sectors relying on NFC technology for authentication or transaction processing. While exploitation does not appear trivial and requires conditions that cause i2c_master_send() failures, persistent triggering could be leveraged by attackers with local access or through crafted NFC interactions to induce system instability. Given the widespread use of Linux in European enterprise and industrial environments, unpatched systems could face operational risks, particularly in critical infrastructure, manufacturing, and financial services where NFC-enabled devices are deployed.
Mitigation Recommendations
Organizations should prioritize updating their Linux kernel to versions where this vulnerability is patched, ensuring that the nfcmrvl driver correctly frees skb buffers regardless of i2c_master_send() outcomes. Kernel updates should be sourced from trusted vendors or distributions that have incorporated the fix. For systems where immediate patching is not feasible, monitoring kernel logs for repeated i2c_master_send() failures and unusual memory consumption patterns related to NFC operations can help detect potential exploitation attempts. Additionally, limiting NFC device usage to trusted environments and restricting local access to systems with NFC hardware can reduce the risk of triggering this vulnerability. Security teams should also review NFC-related configurations and consider disabling NFC interfaces on critical systems if not required. Finally, integrating this vulnerability into vulnerability management and patching workflows will ensure timely remediation as part of routine Linux kernel updates.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-01T14:05:17.252Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe4060
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 8:41:36 PM
Last updated: 7/28/2025, 11:35:16 PM