CVE-2022-49117: 
Linux Debian vulnerability analysis and mitigation

CVE-2022-49117 is a vulnerability in the Linux kernel that was discovered in the MIPS Ralink driver. The issue involves a reference count leak in the illaccofsetup() function where ofnode_put(np) was not being called when pdev is NULL. This vulnerability affects multiple versions of the Linux kernel from version 5.5 through 5.17.3 (NVD).

The vulnerability is a reference count leak in the MIPS Ralink driver's illaccofsetup() function. The issue occurs when the function fails to properly release a reference count by not calling ofnode_put(np) in the error path when pdev is NULL. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access is required and the primary impact is to availability (NVD).

The reference count leak could lead to resource exhaustion and potential system instability. The vulnerability affects system availability but does not impact confidentiality or integrity. The CVSS score indicates that while the vulnerability requires local access, it could potentially cause a high impact on system availability (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that adds the missing ofnodeput(np) call when pdev is NULL. The fix has been backported to affected stable kernel versions. Ubuntu and Debian have released updates to address this vulnerability in their respective kernel packages (Ubuntu, Debian).