CVE-2022-50109: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50109 is a vulnerability discovered in the Linux kernel affecting the video framebuffer device (fbdev) subsystem, specifically in the AMBA CLCD driver. The vulnerability was publicly disclosed on June 18, 2025. The issue involves improper reference counting in the clcdfb_of_init_display() function (NVD CVE Detail).

The vulnerability stems from improper reference counting in the clcdfb_of_init_display() function. Specifically, the function fails to properly call of_node_put() for references returned by of_graph_get_next_endpoint() and of_graph_get_remote_port_parent() which have increased the refcount. Additionally, the function should call of_node_put() both in fail paths and when the references are no longer needed (NVD CVE Detail).

The reference count leak could potentially lead to memory leaks in the kernel, which over time might affect system stability and resource availability. The immediate impact appears to be limited as this is primarily a resource management issue (Wiz).

Multiple Linux distributions have released fixes for this vulnerability. Ubuntu has addressed this in various kernel versions: Ubuntu 20.04 LTS (Focal) with Linux 5.4.0-132.148, Ubuntu 18.04 LTS (Bionic) with Linux 4.15.0-197.208. Several other kernel variants including linux-aws, linux-azure, and linux-gcp have also received corresponding fixes (Ubuntu Security).