Vulnerability DatabaseCVE-2022-49243

CVE-2022-49243:
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2022-49243 is a vulnerability in the Linux kernel's ASoC (ALSA System on Chip) Atmel driver. The issue was discovered in the at91sam9g20ekaudioprobe function where there was a missing ofnodeput() call, leading to a reference count leak. This vulnerability was first disclosed on February 26, 2025 (NVD).

Technical details

The vulnerability exists in the sound/soc/atmel/sam9g20wm8731.c file, specifically in the at91sam9g20ekaudioprobe function. The issue occurs because a node pointer returned by ofparsephandle() with an incremented reference count wasn't properly released, causing a reference count leak. The fix involves adding an ofnodeput(codecnp) call before returning from the error path (Kernel Commit).

Impact

The vulnerability results in a kernel memory leak due to improper reference counting. While the immediate impact is a memory leak, continued exploitation could potentially lead to resource exhaustion in the kernel.

Mitigation and workarounds

The issue has been fixed by adding the missing ofnodeput() call in the error path of at91sam9g20ekaudioprobe function. The fix was committed to the Linux kernel and backported to various stable kernel versions (Kernel Fix).