CVE-2022-49185: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49185 is a vulnerability in the Linux kernel's pinctrl nomadik driver, discovered and disclosed in February 2025. The issue specifically affects the nmkpinctrlprobe function in the Linux kernel's pinctrl subsystem. The vulnerability stems from a missing ofnodeput() call in the driver, which leads to a reference count leak (NVD).

The vulnerability occurs in the nmkpinctrlprobe function where a node pointer returned by ofparsephandle() has its reference count incremented but not properly decremented. The issue specifically relates to the handling of the prcm node in the Device Tree. The bug was introduced in commit 32e67eee670e which added functionality to extract prcm_base from the Device Tree (Kernel Commit).

The vulnerability results in a reference count leak in the kernel's memory management system. While this type of issue typically leads to memory leaks, the direct impact is relatively minor as it only occurs during the driver probe phase (NVD).

The issue has been fixed by adding the missing ofnodeput(prcmnp) call after the ofiomap operation. The fix has been implemented in various kernel versions through backporting of the original patch. Debian has marked this as fixed in versions 5.10.223-1, 6.1.129-1, and 6.12.17-1 (Debian Security).