CVE-2022-49242: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49242 affects the Linux kernel's ASoC (ALSA System on Chip) MXS audio driver. The vulnerability was discovered in the mxssgtl5000probe function's error handling path. The issue occurs when the function only calls ofnodeput() in the regular path, causing a reference count leak in error paths. Specifically, when codecnp is NULL but saifnp[0] and saif_np[1] are not NULL, it results in memory leaks (Kernel Git).

The vulnerability exists in the mxssgtl5000probe function within the Linux kernel's sound/soc/mxs/mxs-sgtl5000.c file. The issue stems from improper reference counting in error handling paths where ofnodeput() is not called for all allocated resources. The function fails to release the reference counts for saifnp[0] and saifnp[1] when codecnp is NULL, leading to resource leaks. The fix involves adding proper cleanup calls to ofnodeput() for all three pointers (codecnp, saifnp[0], and saifnp[1]) in the error path (Kernel Git).

The vulnerability results in memory leaks in the Linux kernel's audio subsystem. When triggered, it can cause gradual system resource depletion, potentially affecting system stability and performance over time (Kernel Git).

The issue has been fixed in the Linux kernel through a patch that properly releases resources in error paths. The fix adds appropriate ofnodeput() calls for all allocated resources. Users should update their Linux kernel to a version containing the fix (Kernel Git).