CVE-2022-49821: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49821 is a vulnerability discovered in the Linux kernel, specifically affecting the mISDN (modular ISDN) driver component. The vulnerability was disclosed on May 1, 2025, and involves a potential memory leak in the mISDN_dsp_element_register() function (NVD).

The vulnerability stems from improper memory management in the mISDN driver following changes to the device name allocation mechanism. After commit 1fa5ae857bb1 which modified the driver core's device name allocation, the device name became dynamically allocated, requiring proper reference management through put_device() to ensure memory is freed when the refcount reaches 0 in kobject_cleanup(). The issue also involves the 'entry' object's cleanup being moved to mISDN_dsp_dev_release(), necessitating the removal of a direct kfree() call and proper initialization of list_del() (Wiz, Red Hat).

The vulnerability could result in memory leaks in the Linux kernel, potentially leading to resource exhaustion over time. This could affect system stability and performance in systems using the mISDN driver (Wiz).

The vulnerability has been patched in the Linux kernel. The fix involves proper memory management by using put_device() for reference management and removing redundant kfree() calls. The patch also ensures proper initialization of list operations (Wiz).