CVE-2022-49016

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to an unbalanced node reference count in the Linux kernel's net component, specifically in the mdiobus subsystem. This can lead to a memory leak. The problem occurs when the fwnode is not an ACPI node, and the reference count is incremented in fwnode mdiobus phy device register(), but never decremented when the device is freed. To fix this, fwnode handle put() is called in phy device release(). If the fwnode is an ACPI node, the reference count is not incremented, but it is decremented in the error path, so fwnode handle get() is called before phy device register() to balance the get/put operation. The estimated number of potentially affected devices is not provided.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the unbalanced node reference count in the mdiobus subsystem. At the moment, there is no information about a newer version that contains a fix for this vulnerability.