CVE-2022-50653
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's atmel-mci driver related to the function mmc_add_host(). The function mmc_add_host() may return an error, but if this return value is ignored, it can cause two problems: first, memory allocated by mmc_alloc_host() is leaked; second, during device removal, mmc_remove_host() is called on a device that was never successfully added, leading to a kernel crash due to a null pointer dereference in device_del(). The fix involves properly checking the return value of mmc_add_host() and freeing the allocated memory if an error occurs.
How can this vulnerability impact me? :
This vulnerability can lead to memory leaks and kernel crashes on systems using the affected Linux kernel with the atmel-mci driver. A kernel crash can cause system instability, downtime, and potential data loss or corruption. Memory leaks may degrade system performance over time.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the mmc: atmel-mci driver properly checks the return value of mmc_add_host() and frees allocated memory on error paths. This prevents memory leaks and kernel crashes due to null pointer dereferences. Until an update is applied, avoid using vulnerable versions of the kernel with the affected driver.