CVE-2022-49431: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49431 is a vulnerability in the Linux kernel's PowerPC IOMMU implementation, specifically in the iommu_init_early_dart function. The vulnerability was disclosed on February 26, 2025, and affects the PowerPC architecture's DART (Device Address Resolution Table) IOMMU initialization. The issue stems from a missing of_node_put() call, which leads to a reference count leak when handling device node pointers (NVD).

The vulnerability occurs in the arch/powerpc/sysdev/dart_iommu.c file where the device_node pointer returned by of_find_compatible_node has its reference count incremented. The original code failed to properly release this reference count using of_node_put(), resulting in a memory leak. The fix involves adding appropriate of_node_put() calls both in the error path and at the end of the function to ensure proper cleanup of resources (Kernel Commit).

The vulnerability results in a reference count leak in the Linux kernel's memory management system. While this may not lead to immediate system compromise, it could potentially cause memory resource exhaustion over time if the affected code path is repeatedly executed (NVD).

The vulnerability has been patched in the Linux kernel through a commit that adds the missing of_node_put() calls. The fix has been backported to various stable kernel versions. System administrators should update their Linux kernel to a patched version that includes the fix (Kernel Commit).