CVE-2022-50207: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50207 is a vulnerability discovered in the Linux kernel, specifically affecting the ARM BCM (Broadcom) subsystem. The issue was identified in the bcmkonasmcinit function where offindmatchingnode() returns a node pointer with an incremented refcount, but the code fails to use ofnodeput() to properly release the reference count when no longer needed (NVD, Wiz).

The vulnerability is a refcount leak in the ARM BCM subsystem of the Linux kernel. The technical issue occurs because the offindmatchingnode() function returns a node pointer with an incremented reference count, but the code path lacks the necessary ofnode_put() call to decrement the reference count when the node is no longer needed (Wiz).

The primary impact of this vulnerability is a memory leak in the kernel due to the reference count not being properly decremented. This could potentially lead to resource exhaustion over time if the affected code path is repeatedly executed (Wiz).

The vulnerability has been fixed by adding the missing ofnodeput() call to properly release the reference count when the node is no longer needed. Users should update their Linux kernel to a patched version that includes this fix. Several Linux distributions have released updates addressing this vulnerability, including Ubuntu which has fixed versions available for multiple releases (Ubuntu, Wiz).