CVE-2022-49128: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49128 is a vulnerability in the Linux kernel's DRM (Direct Rendering Manager) bridge component. The issue was discovered in January 2022 and relates to a missing pm_runtime_put_sync call in the nwl-dsi driver. The vulnerability affects various Linux distributions including Ubuntu and Debian systems running affected kernel versions (Debian Tracker, Ubuntu Security).

The vulnerability stems from an implementation flaw where pm_runtime_get_sync() increases the runtime PM counter even when it returns an error, without a corresponding decrement operation. This creates a potential reference count leak in the DRM bridge subsystem. The fix involves replacing the pm_runtime_get_sync() API with pm_runtime_resume_and_get(), which does not modify the runtime PM counter on error, and adding a matching decrement on the error handling path to maintain counter balance (Kernel Commit).

The vulnerability could lead to a reference count leak in the kernel's power management subsystem, potentially affecting system stability and resource management for display-related components (Ubuntu Security).

The issue has been fixed in the Linux kernel through a patch that properly handles the runtime PM counter. Various distributions have incorporated the fix, including Debian's bookworm release (6.1.129-1) and newer versions. Ubuntu has marked this as a medium priority issue and is working on updates for affected versions (Debian Tracker, Ubuntu Security).