CVE-2022-49719: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49719 is a vulnerability in the Linux kernel's irqchip/gic/realview component, discovered and disclosed in February 2025. The vulnerability specifically affects the realviewgicofinit function where a refcount leak occurs due to missing ofnodeput() call after offindmatchingnodeandmatch() returns a node pointer with refcount incremented (NVD).

The vulnerability is a reference counting issue in the Linux kernel's RealView GIC (Generic Interrupt Controller) initialization code. The function realviewgicofinit fails to properly manage reference counts when handling node pointers returned by offindmatchingnodeandmatch(). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The refcount leak in the RealView GIC initialization code could potentially lead to resource management issues in the Linux kernel. While there is no direct impact on confidentiality or integrity, the vulnerability could affect system availability due to improper resource management (NVD).

The vulnerability has been fixed by adding the missing ofnodeput(np) call in the realviewgicof_init function. The fix has been implemented across multiple Linux kernel versions, including versions 4.10 through 5.19. Users should update to the patched versions of the Linux kernel to address this vulnerability (Kernel Patch).