CVE-2022-49314: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49314 is a vulnerability in the Linux kernel's TTY subsystem, specifically in the icom_probe function. The vulnerability was discovered and disclosed in February 2025, affecting the Linux kernel's serial driver implementation. The issue involves a potential resource leak in the icom_probe function when pci_read_config_dword fails (NVD).

The vulnerability occurs in the drivers/tty/serial/icom.c file where a resource leak can happen during PCI device initialization. When pci_read_config_dword fails, the function previously returned without properly releasing allocated resources. The fix involves modifying the error handling path to call pci_release_regions() and pci_disable_device() to properly recycle the previously allocated resources (Kernel Commit).

The vulnerability could lead to resource leaks in the Linux kernel when handling PCI device initialization for serial devices. This could potentially result in system resource exhaustion over time if the affected code path is triggered repeatedly (NVD).

The issue has been fixed in the Linux kernel through a patch that properly handles resource cleanup in the error path. System administrators should update to the patched kernel version that includes the fix. The patch modifies the error handling to ensure proper resource cleanup by using goto probe_exit0 instead of directly returning on error (Kernel Commit).