Memory Leak in Linux Kernel Affecting rtsx_usb_sdmmc Devices

CVE-2022-50347

What is CVE-2022-50347?

A vulnerability in the Linux kernel's management of rtsx_usb_sdmmc devices could lead to memory leaks and potential kernel crashes. The issue arises when the return value of mmc_add_host() is ignored, preventing proper error handling during device addition. This oversight can result in the allocation of memory via mmc_alloc_host() without subsequent deallocation, ultimately causing instability in the system. Proper error handling measures, such as checking return values and freeing allocated memory using mmc_free_host(), are essential in mitigating this risk.

References