CVE-2022-49468: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49468 is a memory leak vulnerability discovered in the Linux kernel's thermal subsystem, specifically in the __thermal_cooling_device_register() function. The vulnerability was identified during fault injection testing and affects the thermal core component. When device_register() fails, the memory allocated in thermal_cooling_device_setup_sysfs() is not properly freed, leading to a memory leak (Red Hat CVE).

The vulnerability occurs in the Linux kernel's thermal core component when registering a thermal cooling device. The issue manifests when device_register() fails, and thermal_cooling_device_destroy_sysfs() is not called to free the memory allocated in thermal_cooling_device_setup_sysfs(). The memory leak involves an unreferenced object of size 264312 bytes. The CVSS v3 score for this vulnerability is 5.5, indicating moderate severity (Red Hat CVE).

The vulnerability results in a memory leak in the Linux kernel's thermal management system. While memory leaks don't typically lead to immediate system compromise, they can cause system performance degradation over time and potentially lead to resource exhaustion if the leak occurs repeatedly (Red Hat CVE).

The issue has been fixed by adding a call to thermal_cooling_device_destroy_sysfs(cdev) before freeing the device type and putting the device. The fix was implemented in the Linux kernel and is available through system updates. The patch ensures proper cleanup of allocated resources when device registration fails (Kernel Git).