
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49213 is a vulnerability in the Linux kernel affecting the ath10k driver's error handling in the ath10k_setup_msa_resources function. The vulnerability was disclosed on February 26, 2025. The issue occurs because the device_node pointer returned by of_parse_phandle() has its refcount incremented, but the function only calls of_node_put() in the regular path, causing a potential reference count leak in the error path (Kernel Commit).
The vulnerability exists in the ath10k driver's snoc.c file, specifically in the ath10k_setup_msa_resources function. The issue stems from improper reference counting: of_node_put() is called only in the regular execution path and not in the error path, leading to a potential reference count leak. This was fixed by moving the of_node_put() call before the error check to ensure proper cleanup in all execution paths (Kernel Commit).
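The error-path leak and the fix described above, as an added user-space model (not the kernel's code and not from the original page). `mock_node`, `mock_parse_phandle`, `mock_node_put` and `mock_resolve_region` are hypothetical stand-ins for the kernel's device_node, of_parse_phandle(), of_node_put() and the step whose failure takes the error path.

```c
#include <stdio.h>

/* User-space model; refcount stands in for a device_node reference count. */
struct mock_node { int refcount; };

/* Models of_parse_phandle(): returns the node with its refcount incremented. */
static struct mock_node *mock_parse_phandle(struct mock_node *n) { n->refcount++; return n; }

/* Models of_node_put(): drops one reference. */
static void mock_node_put(struct mock_node *n) { n->refcount--; }

/* Hypothetical stand-in for the step whose failure takes the error path. */
static int mock_resolve_region(int fail) { return fail ? -22 : 0; }

/* Pre-fix shape: the put happens only on the regular path. */
static int setup_before_fix(struct mock_node *dt, int fail)
{
    struct mock_node *node = mock_parse_phandle(dt);
    int ret = mock_resolve_region(fail);
    if (ret)
        return ret;          /* error path: reference is never dropped */
    mock_node_put(node);
    return 0;
}

/* Post-fix shape: the put is moved before the error check. */
static int setup_after_fix(struct mock_node *dt, int fail)
{
    struct mock_node *node = mock_parse_phandle(dt);
    int ret = mock_resolve_region(fail);
    mock_node_put(node);     /* dropped on both paths */
    return ret;
}

/* References left over after `calls` invocations of `setup`. */
static int leaked_refs(int (*setup)(struct mock_node *, int), int calls, int fail)
{
    struct mock_node dt = { 1 };   /* one baseline reference held elsewhere */
    for (int i = 0; i < calls; i++)
        setup(&dt, fail);
    return dt.refcount - 1;
}

int main(void)
{
    printf("before fix: %d leaked\n", leaked_refs(setup_before_fix, 5, 1));
    printf("after fix:  %d leaked\n", leaked_refs(setup_after_fix, 5, 1));
}
```

Each failing call in the pre-fix shape leaves one reference behind, so the count only grows while the error condition persists; on the success path both shapes balance.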
The vulnerability could result in a reference count leak in the Linux kernel's memory management system. While the direct impact is a memory leak, this could potentially lead to resource exhaustion over time (NVD).
The issue has been fixed in the Linux kernel through a patch that properly handles the reference counting by moving the of_node_put() call before the error check. Users should update their systems to a patched kernel version. Various Linux distributions have incorporated the fix, including Ubuntu, which has marked it as 'fixed' in newer releases (Ubuntu Security).
Source: This report was generated using AI