
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49718 is a vulnerability discovered in the Linux kernel affecting the irqchip/apple-aic component. The issue involves a reference count leak in the aicoficinit function. The vulnerability was introduced through a missing ofnodeput() call after using ofgetchildby_name(), which returns a node pointer with an incremented reference count (Kernel Git).
The vulnerability stems from a reference count leak in the Linux kernel's Apple Interrupt Controller (AIC) driver. Specifically, the aicoficinit function failed to properly release the reference count on a device tree node obtained through ofgetchildbyname(). This was fixed by adding a missing ofnode_put(affs) call to properly release the reference count. The fix was implemented in commit 3d45670fab3c25a7452721e4588cc95c51cda134 (Kernel Git).
The reference count leak could potentially lead to memory resource exhaustion over time as system resources are not properly freed. This affects systems using the Apple Interrupt Controller driver in the Linux kernel (Debian Tracker).
The vulnerability has been fixed in Linux kernel version 5.19-rc3 through the addition of the missing ofnodeput() call. Users should upgrade to a patched kernel version that includes the fix. For Debian systems, fixed versions are available in bullseye (5.10.234-1) and bookworm (6.1.129-1) (Debian Tracker).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."