CVE-2022-49091: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49091 is a memory leak vulnerability discovered in the Linux kernel's DRM (Direct Rendering Manager) subsystem, specifically in the IMX parallel display driver. The vulnerability was identified and fixed in early 2022, affecting the imxpdconnectorgetmodes function in the Linux kernel's display driver component (Kernel Git).

The vulnerability occurs in the drivers/gpu/drm/imx/parallel-display.c file where the display mode variable is not properly freed if the ofgetdrmdisplaymode function fails. This issue was identified by Coverity scan with ID 1443943 as a resource leak. The bug was introduced in commit 76ecd9c9fb24 which added return code checking from ofgetdrmdisplaymode() but failed to handle cleanup properly (Kernel Git).

The vulnerability results in a memory leak in the Linux kernel's display subsystem. While memory leaks in kernel space can potentially lead to system resource exhaustion over time, this particular issue has limited impact as it only occurs under specific error conditions when initializing IMX parallel displays (Debian Tracker).

The vulnerability has been fixed in multiple Linux kernel versions. The fix involves properly freeing the display mode variable when ofgetdrmdisplaymode fails by adding a drmmodedestroy call. Updated kernel packages are available for various distributions including Debian Bullseye (5.10.234-1), Bookworm (6.1.129-1), and Sid/Trixie (6.12.17-1) (Debian Tracker).