How can this vulnerability impact me? :

This vulnerability can cause a kernel crash due to memory leaks and improper device removal in the Linux kernel's MMC driver. Such crashes can lead to system instability, potential denial of service, and loss of data or availability on affected systems.

Useful 0 Not Useful 0

Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's mmc subsystem, specifically in the rtsx_usb_sdmmc driver. The function mmc_add_host() may return an error, but if its return value is ignored, the memory allocated by mmc_alloc_host() is leaked. This leads to a kernel crash because the system attempts to delete a device that was never properly added during the removal process. The fix involves properly checking the return value of mmc_add_host() and freeing allocated memory in the error path, as well as calling led_classdev_unregister() and pm_runtime_disable().

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version where the issue with mmc_add_host() return value checking in the rtsx_usb_sdmmc driver is fixed. This fix ensures proper error handling by checking the return value of mmc_add_host(), freeing allocated memory with mmc_free_host() on error, and properly calling led_classdev_unregister() and pm_runtime_disable() in the remove path to prevent kernel crashes.

Useful 0 Not Useful 0