CVE-2022-49716: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49716 is a vulnerability in the Linux kernel's GIC-v3 (Generic Interrupt Controller version 3) implementation. The issue was discovered in the gicpopulateppipartitions function where ofgetchildby_name() returns a node pointer with refcount incremented, but fails to properly handle the reference count when kcalloc fails, resulting in a memory leak (NVD). The vulnerability affects Linux kernel versions from 5.5 through 5.15.49.

The vulnerability exists in the error handling path of the gicpopulateppipartitions function in the Linux kernel's GIC-v3 driver. When kcalloc fails, the code was missing a call to ofnodeput() to properly release the reference count on the node pointer, leading to a memory leak. The issue was fixed by adding proper error handling using a goto output_node label. The vulnerability has a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in a memory leak in the Linux kernel when the GIC-v3 interrupt controller driver initialization fails. This could potentially lead to resource exhaustion over time, affecting system availability (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves properly handling the reference count by using goto outputnode label when kcalloc fails. Users should update to patched kernel versions. The fix was initially committed upstream as ec8401a429ffee34ccf38cebf3443f8d5ae6cb0d (Kernel Patch).