CVE-2022-49668: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49668 affects the Linux kernel's PM/devfreq component, specifically in the exynos-ppmu driver. The vulnerability was discovered in the ofgetdevfreq_events function where a reference count leak occurs. The issue was disclosed and has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) (NVD).

The vulnerability stems from improper reference counting in the ofgetdevfreqevents function within the exynos-ppmu driver. The ofgetchildbyname() function returns a node pointer with an incremented reference count, but the code only calls ofnode_put() in the normal execution path, missing it in error paths. This oversight leads to a reference count leak (Kernel Patch).

The vulnerability has been assessed with a CVSS v3.1 base score of 5.5 (MEDIUM), indicating moderate severity. The issue affects local system availability, as reference count leaks can lead to resource exhaustion over time (NVD).

The issue has been fixed by adding missing ofnodeput() calls in the error paths. The fix has been implemented in multiple kernel versions through patches. Users should update to patched kernel versions that include the fix (Kernel Patch).