CVE-2022-49461: 
Linux Debian vulnerability analysis and mitigation

CVE-2022-49461 is a memory leak vulnerability discovered in the Linux kernel's AMT (Automatic Multicast Tunneling) subsystem. When a gateway receives an advertisement message, it extracts relay information that should be freed afterward, but the advertisement handler fails to do so, resulting in a memory leak (Kernel Git).

The vulnerability exists in the AMT message handling code within the Linux kernel's networking subsystem. The issue stems from the amtadvertisementhandler function not properly freeing relay information after processing advertisement messages. This was introduced by the original commit cbc21dc1cfe9 which added the data plane of the AMT interface (Debian Security).

The vulnerability results in memory leaks in the Linux kernel when processing AMT advertisement messages. While memory leaks don't typically allow for arbitrary code execution, they can lead to resource exhaustion over time, potentially affecting system stability and performance (Ubuntu Security).

The issue has been fixed in the Linux kernel through commit fe29794c3585d039fefebaa2b5a4932a627ad4fd. The fix modifies the advertisement message handling code to properly free the relay information after processing. Various Linux distributions have incorporated this fix into their kernel packages, including Debian which has fixed versions available in bullseye (5.10.234-1) and bookworm (6.1.129-1) (Debian Security).