
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49793 is a memory leak vulnerability discovered in the Linux kernel's IIO (Industrial I/O) subsystem, specifically in the iio_sysfs_trig_init() function. The vulnerability was disclosed on May 1, 2025, affecting the Linux kernel's trigger sysfs component. The issue occurs when dev_set_name() allocates memory for a name but fails to free it when device_add() fails (NVD).
The vulnerability exists in the iio_sysfs_trig_init() function where memory allocated by dev_set_name() is not properly freed in error conditions. A fault injection test revealed this issue, showing an unreferenced object of size 32 bytes in the modprobe process. The memory leak was confirmed through backtrace analysis showing the allocation chain through kmem_cache_alloc_node and related functions (NVD, Ubuntu).
The vulnerability results in a memory leak in the kernel space, which over time could lead to resource exhaustion. While the immediate impact per instance is small (32 bytes), repeated triggering of this condition could potentially affect system stability and performance (Wiz).
The vulnerability has been resolved in the Linux kernel by implementing proper memory cleanup procedures. The fix involves calling put_device() to release the reference when device_add() fails, ensuring proper memory deallocation through kobject_cleanup() when the refcount reaches zero. Multiple Linux distributions have released patches, including Ubuntu which has fixed versions available for various releases (Ubuntu).
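The error path described above can be reproduced in a small userspace model. This is an added example, not the kernel's code or the upstream patch: the model_* functions, the live_names counter and the "sample_trigger" name are hypothetical stand-ins that only mimic the ownership rules of dev_set_name(), device_add() and put_device().

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model only: the model_* names are hypothetical stand-ins that
 * mimic the ownership rules of the kernel calls named in the advisory. */
struct model_dev { int refcount; char *name; };
static int live_names; /* name allocations not yet freed */

static int model_dev_set_name(struct model_dev *d, const char *n)
{
    d->name = malloc(strlen(n) + 1);
    if (!d->name)
        return -1;
    strcpy(d->name, n);
    live_names++;
    return 0;
}

/* Dropping the last reference runs the cleanup that frees the name. */
static void model_put_device(struct model_dev *d)
{
    if (--d->refcount == 0 && d->name) {
        free(d->name);
        d->name = NULL;
        live_names--;
    }
}

/* Init path whose add step fails (the injected fault). Returns how many
 * name allocations are still live once the error path has run. */
int leaked_after_failed_init(int call_put_device)
{
    struct model_dev d = { 1, NULL }; /* one reference held after init */
    int add_ret = -1, leaked;         /* constructed: add step fails */

    live_names = 0;
    if (model_dev_set_name(&d, "sample_trigger")) /* constructed name */
        return -1;
    if (add_ret && call_put_device)
        model_put_device(&d); /* fixed error path drops the reference */
    leaked = live_names;      /* unfixed path: the name is still live */
    free(d.name);             /* keep the demo itself clean */
    return leaked;
}

int main(void) { return leaked_after_failed_init(1); } /* exits 0 with the fix */
```

Calling leaked_after_failed_init(0) models the unpatched error path, where the name allocation outlives the failed init.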
Source: This report was generated using AI