CVE-2022-50618
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's mmc subsystem, specifically in the meson-gx driver. The function mmc_add_host() may return an error, but if its return value is ignored, two problems arise: first, memory allocated by mmc_alloc_host() is leaked; second, during device removal, mmc_remove_host() is called on a device that was never successfully added, causing a kernel crash due to a null pointer dereference in device_del(). The fix involves properly checking the return value of mmc_add_host() and handling errors by freeing allocated memory.
How can this vulnerability impact me? :
This vulnerability can lead to memory leaks and kernel crashes on affected Linux systems. The memory leak can degrade system performance over time, while the kernel crash can cause system instability or downtime, potentially disrupting services or operations relying on the affected device driver.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the mmc: meson-gx driver includes the fix for the return value check of mmc_add_host(). This fix prevents memory leaks and kernel crashes by properly handling error returns. Until then, avoid using affected hardware or drivers if possible.