CVE-2022-50111: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50111 affects the Linux kernel and involves a refcount leak bug in the ASoC (ALSA System on Chip) mt6359 audio codec driver. The vulnerability was discovered in the mt6359_parse_dt() and mt6359_accdet_parse_dt() functions, where the reference count was not properly managed for nodes returned by of_get_child_by_name() (NVD).

The vulnerability stems from improper reference counting in the mt6359 audio codec driver. Specifically, the functions mt6359_parse_dt() and mt6359_accdet_parse_dt() fail to call of_node_put() for references returned by of_get_child_by_name(), which increases the refcount. This oversight leads to a reference count leak in the kernel (Debian Tracker).

A reference count leak in the kernel can lead to resource exhaustion over time, potentially affecting system stability and performance. The issue affects multiple Linux distributions including Debian and Ubuntu systems running the vulnerable kernel versions (Wiz).

The vulnerability has been fixed in various Linux distributions. Debian has addressed this in version 6.1.137-1 for bookworm and 6.12.31-1 for trixie releases. Users should update their systems to the latest available kernel version that includes the fix (Debian Tracker).