CVE-2022-49367: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49367 affects the Linux kernel, specifically involving a refcount leak in the mv88e6xxxmdiosregister function. The vulnerability occurs because ofgetchildbyname() returns a node pointer with refcount incremented, but the code was missing the necessary ofnodeput() call when done with the device node (Kernel Git).

The technical issue lies in the mv88e6xxxmdioregister() function which passes the device node to ofmdiobusregister(). After this operation, the device node is no longer needed, but the code failed to call ofnodeput() to properly decrement the reference count. This oversight results in a reference count leak in the kernel's memory management system (Kernel Git).

The vulnerability results in a reference count leak in the Linux kernel's memory management system, which could potentially lead to resource exhaustion over time. This affects systems using the mv88e6xxx DSA (Distributed Switch Architecture) driver (NVD).

The issue has been fixed by adding the missing ofnodeput() call after mv88e6xxxmdioregister(). The fix has been incorporated into various Linux kernel versions. Users should update their kernel to a patched version (Kernel Git).