CVE-2022-49714: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49714 is a vulnerability in the Linux kernel's irqchip/realtek-rtl component, specifically related to a refcount leak in the mapinterrupts function. The vulnerability was discovered and disclosed in 2022, affecting Linux kernel versions from 5.12 to 5.18.6 and 5.16 to 5.18.6. The issue occurs because the offindnodebyphandle() function returns a node pointer with refcount incremented, but the function doesn't properly call ofnode_put() in the error path (NVD).

The vulnerability stems from a reference counting issue in the Linux kernel's Realtek RTL838x/RTL839x interrupt controller driver. The map_interrupts function failed to properly release the reference count on error paths when handling device tree nodes. The severity of this vulnerability has been assessed with a CVSS v3.1 Base Score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a reference count leak in the kernel, which could potentially result in resource exhaustion. The CVSS scoring indicates that while the vulnerability requires local access and low privileges, it could have a high impact on system availability (NVD).

The vulnerability has been patched by calling ofnodeput() directly after ofpropertyread_u32() to cover both normal path and error path. The fix was implemented in the Linux kernel through a patch that properly manages the reference counting (Kernel Patch).