CVE-2022-50120: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was identified in the Linux kernel's remoteproc imxrproc component, tracked as CVE-2022-50120. The issue involves a refcount leak in the imxrprocaddrinit function, where ofparsephandle() returns a node pointer with refcount incremented, but two paths in the function are missing the required ofnodeput() call to properly manage the reference count (NVD, Wiz).

The vulnerability stems from improper reference counting in the imxrprocaddrinit function of the Linux kernel's remoteproc subsystem. When ofparsephandle() is called, it returns a node pointer with an incremented reference count. The function has two execution paths that fail to call ofnode_put() to decrement this reference count when the node is no longer needed, resulting in a memory leak (Wiz).

The primary impact of this vulnerability is a memory leak in the Linux kernel due to improper reference counting. While this may not lead to immediate system compromise, it could result in resource exhaustion over time if the affected code path is repeatedly executed (Wiz).

The vulnerability has been resolved through a patch that adds the missing ofnodeput() calls in the two affected execution paths within the imxrprocaddr_init function. Users should update their Linux kernel to a version that includes this fix. For Debian systems, the fix is available in versions 6.1.137-1 and later (Debian Tracker).