CVE-2022-50640
Awaiting Analysis

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mmc: core: Fix kernel panic when remove non-standard SDIO card

SDIO tuple is only allocated for standard SDIO card, especially it causes memory corruption issues when the non-standard SDIO card has been removed, which is because the card device's reference counter does not increase for it at sdio_init_func(), but all SDIO card device reference counter gets decreased at sdio_release_func().

Meta Information

Published: 2025-12-09

Last Modified: 2025-12-09

Generated: 2026-06-16

AI Q&A: 2025-12-09

EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability occurs in the Linux kernel's MMC core when a non-standard SDIO card is removed. The SDIO tuple is only allocated for standard SDIO cards, and the card device's reference counter is not increased for a non-standard SDIO card in sdio_init_func(). sdio_release_func(), however, decreases the reference counter for every SDIO card, so removing a non-standard card leaves the counter unbalanced, leading to memory corruption and potentially causing a kernel panic.

Impact Analysis

This vulnerability can cause the Linux kernel to panic when a non-standard SDIO card is removed, which may lead to system crashes or instability. This can disrupt normal operations and potentially cause data loss or downtime.
