CVE-2022-49432

MEDIUMNVD 5.55.5—

5.5

In the Linux kernel, the following vulnerability has been resolved:

powerpc/xics: fix refcount leak in icp_opal_init()

The of_find_compatible_node() function returns a node pointer with refcount incremented, use of_node_put() on it when done.

CVSS v3: 5.5
EG Score: 5.5(medium)
EPSS: 16.4%
KEV: Not listed

Published

February 26, 2025

Last Modified

October 22, 2025

References (9)

416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1d5c8cea85fb1680eae8d645b96b92146cb4633c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2357bd7499a81c70b460e2191852bbfc7b63c354
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/537a317e5ff45d1f5a0ecaf6a0d7c8043c878cb1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/53f3f7f73e609b934083f896cb7ca2c2cb009b9f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5dd9e27ea4a39f7edd4bf81e9e70208e7ac0b7c9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6a61a97106279c2aa16fbbb2a171fd5dde127d23
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/977dbc81d0f866ef63b93c127b7404f07734b3cc
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9a42bc2494fadb453de00ce61042e588563ddc6d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/df802880a7f9cd96b921b00639b00871f18a9a57

Patch Availability(1)

Vendor / Ecosystem	Fixed in / Patch	Released	Source
redhat	kernel-0:5.14.0-611.5.1.el9_7	2025-11-11	redhat

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

All Vendor Advisories

(1)

Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.

Red HatRHSA-2025:20518LOW2025-02-26
RHSA-2025:20518 — Low

Data Freshness Timeline

(refreshed 14× in last 7d / 49× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

2026-06-23 21:31 UTCEPSS rescore
2026-06-23 21:31 UTCEPSS rescore
2026-06-22 14:24 UTCEPSS rescore
2026-06-21 14:55 UTCEPSS rescore
2026-06-21 14:55 UTCEPSS rescore
2026-06-21 01:58 UTCEPSS rescore
2026-06-21 01:58 UTCEPSS rescore
2026-06-19 19:24 UTCEPSS rescore
2026-06-19 19:24 UTCEPSS rescore
2026-06-18 20:43 UTCOSV refresh
2026-06-18 17:51 UTCEPSS rescore
2026-06-18 17:51 UTCEPSS rescore
2026-06-17 17:51 UTCEPSS rescore
2026-06-17 17:51 UTCEPSS rescore
2026-06-16 17:51 UTCEPSS rescore
2026-06-16 17:51 UTCEPSS rescore
2026-06-15 17:47 UTCEPSS rescore
2026-06-14 23:16 UTCEPSS rescore
2026-06-13 22:59 UTCEPSS rescore
2026-06-12 23:10 UTCEPSS rescore
2026-06-12 23:10 UTCEPSS rescore
2026-06-11 13:58 UTCEPSS rescore
2026-06-11 13:58 UTCEPSS rescore
2026-06-10 13:21 UTCEPSS rescore
2026-06-10 13:21 UTCEPSS rescore

Show 24 more

2026-06-08 14:15 UTCEPSS rescore
2026-06-08 14:15 UTCEPSS rescore
2026-06-07 15:23 UTCEPSS rescore
2026-06-07 15:23 UTCEPSS rescore
2026-06-06 13:46 UTCEPSS rescore
2026-06-06 13:46 UTCEPSS rescore
2026-06-05 22:46 UTCEPSS rescore
2026-06-05 22:46 UTCEPSS rescore
2026-06-05 06:09 UTCEPSS rescore
2026-06-05 06:09 UTCEPSS rescore
2026-06-04 13:11 UTCEPSS rescore
2026-06-02 20:12 UTCEPSS rescore
2026-06-02 20:12 UTCEPSS rescore
2026-06-01 13:50 UTCEPSS rescore
2026-06-01 13:50 UTCEPSS rescore
2026-05-31 22:29 UTCEPSS rescore
2026-05-31 22:29 UTCEPSS rescore
2026-05-31 00:15 UTCEPSS rescore
2026-05-31 00:15 UTCEPSS rescore
2026-05-30 10:55 UTCEG score recompute
2026-05-30 10:55 UTCVendor advisory
2026-05-30 10:55 UTCGHSA enrichment
2026-05-30 01:35 UTCOSV refresh
2026-05-29 13:43 UTCEPSS rescore

Frequently asked(5)

What is CVE-2022-49432?

CVE-2022-49432 is a medium vulnerability published on February 26, 2025. In the Linux kernel, the following vulnerability has been resolved: powerpc/xics: fix refcount leak in icpopalinit() The offindcompatible_node() function returns a node pointer with refcount incremented, use ofnodeput() on it when done.

When was CVE-2022-49432 disclosed?

CVE-2022-49432 was first published in the National Vulnerability Database on February 26, 2025, with the most recent update on October 22, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2022-49432 actively exploited?

CVE-2022-49432 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 16.4% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2022-49432?

CVE-2022-49432 has a CVSS v3 base score of 5.5 (NVD).

How do I remediate CVE-2022-49432?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2022-49432, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2022-49432

Explore →

Is Your Infrastructure Affected by CVE-2022-49432?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs