Memory Leak and Kernel Crash in Linux Kernel Due to MMC Host Management Flaw
CVE-2022-50618
What is CVE-2022-50618?
A vulnerability in the Linux kernel's MMC (MultiMediaCard) host management was identified wherein improper handling of return values from the mmc_add_host() function could lead to severe consequences. If the return value is neglected, it may result in memory allocations not being freed, causing a memory leak. Furthermore, during the device removal process, if mmc_remove_host() is called prematurely, it may attempt to delete a device that was never successfully added, leading to a catastrophic crash due to null pointer dereferencing in device_del(). The issue has been addressed by implementing an error-checking mechanism, ensuring that the appropriate clean-up actions are taken to prevent such failures.
Affected Version(s)
Linux 51c5d8447bd71b7e539c19c46a03b73c0e91fa66
Linux 51c5d8447bd71b7e539c19c46a03b73c0e91fa66 < 9e11c6bb745be4e9b325cf96031b4ea34801342d
Linux 51c5d8447bd71b7e539c19c46a03b73c0e91fa66 < 64b2c441171febf075bd9632aca579afda8ab9fb