CVE-2022-49342: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49342 is a vulnerability in the Linux kernel affecting the network ethernet bgmac driver. The issue was discovered in February 2025 and involves a refcount leak in the bcmamdiomii_register function. The vulnerability affects Linux kernel versions from 4.8 through 5.18.4, including version 5.19-rc1 (NVD).

The vulnerability stems from improper reference counting in the bgmac driver's MDIO registration code. Specifically, the ofgetchildbyname() function returns a node pointer with an incremented refcount, but the code failed to call ofnodeput() when the pointer was no longer needed. This oversight resulted in a reference count leak. The issue was fixed by adding the missing ofnodeput() call after the ofmdiobusregister function call. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to resource leaks in the Linux kernel's memory management system. While the impact is primarily related to system resource management rather than security exploitation, it could potentially contribute to system instability or degraded performance over time (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves adding a single line of code to properly release the reference count using ofnodeput(np) after the mdiobus registration. Users should update their Linux kernel to a version that includes the fix. The patch has been committed to the kernel codebase and is available in updated kernel versions (Kernel Patch).