CVE-2022-49468: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49468 is a memory leak vulnerability discovered in the Linux kernel's thermal subsystem, specifically in the _thermalcoolingdeviceregister() function. The vulnerability was identified during fault injection testing and affects the thermal core component. When deviceregister() fails, the memory allocated in thermalcoolingdevicesetup_sysfs() is not properly freed, leading to a memory leak (Red Hat CVE).

The vulnerability occurs in the Linux kernel's thermal core component when registering a thermal cooling device. The issue manifests when deviceregister() fails, and thermalcoolingdevicedestroysysfs() is not called to free the memory allocated in thermalcoolingdevicesetup_sysfs(). The memory leak involves an unreferenced object of size 264312 bytes. The CVSS v3 score for this vulnerability is 5.5, indicating moderate severity (Red Hat CVE).

The vulnerability results in a memory leak in the Linux kernel's thermal management system. While memory leaks don't typically lead to immediate system compromise, they can cause system performance degradation over time and potentially lead to resource exhaustion if the leak occurs repeatedly (Red Hat CVE).

The issue has been fixed by adding a call to thermalcoolingdevicedestroysysfs(cdev) before freeing the device type and putting the device. The fix was implemented in the Linux kernel and is available through system updates. The patch ensures proper cleanup of allocated resources when device registration fails (Kernel Git).