CVE-2022-50268
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mmc: moxart: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and goto error path which will call mmc_free_host().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-03
Generated
2026-06-16
AI Q&A
2025-09-15
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50268
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 3.16 (inc) to 4.9.337 (exc)
linux linux_kernel From 4.10 (inc) to 4.14.303 (exc)
linux linux_kernel From 4.15 (inc) to 4.19.270 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.229 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.163 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.86 (exc)
linux linux_kernel From 5.16 (inc) to 6.0.16 (exc)
linux linux_kernel From 6.1 (inc) to 6.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's mmc (MultiMediaCard) driver for moxart. The function mmc_add_host() may return an error, but its return value was not properly checked. Ignoring this error causes a memory leak from mmc_alloc_host() and can lead to a kernel crash when the system tries to delete a device that was never successfully added. The fix involves checking the return value of mmc_add_host() and properly freeing allocated memory if an error occurs.

Impact Analysis

This vulnerability can cause a memory leak in the Linux kernel, which may lead to a kernel crash. A kernel crash can result in system instability, downtime, and potential loss of data or service availability.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the mmc: moxart driver includes the fix for proper return value checking of mmc_add_host(). This prevents memory leaks and kernel crashes by ensuring error returns are handled correctly.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50268. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart