Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's mmc subsystem, specifically in the wmt-sdmmc driver. The function mmc_add_host() may return an error, but if its return value is ignored, the memory allocated by mmc_alloc_host() will be leaked. This can lead to a kernel crash because the system attempts to delete a device that was never successfully added. The fix involves properly checking the return value of mmc_add_host() and handling errors by freeing allocated memory and disabling the clock as needed.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

If this vulnerability is exploited or triggered, it can cause a kernel crash due to memory leaks and improper device removal. This can lead to system instability, potential denial of service, and unexpected reboots or downtime on affected Linux systems using the vulnerable driver.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by ensuring the return value of mmc_add_host() is properly checked to avoid memory leaks and kernel crashes. Immediate mitigation involves applying the patch that includes this fix, which checks the return value and calls mmc_free_host() and clk_disable_unprepare() as needed. Until the patch is applied, avoid using affected versions of the Linux kernel or update to a fixed version.

Useful 0 Not Useful 0