CVE-2022-50670
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's mmc subsystem, specifically in the omap_hsmmc driver. The function mmc_add_host() may return an error, but if its return value is ignored, two issues arise: first, memory allocated by mmc_alloc_host() is leaked; second, during device removal, mmc_remove_host() is called on a device that was never successfully added, causing a kernel crash due to a null pointer dereference in device_del(). The fix involves properly checking the return value of mmc_add_host() and handling errors by freeing allocated memory.
How can this vulnerability impact me? :
This vulnerability can lead to memory leaks and kernel crashes on affected Linux systems. A kernel crash can cause system instability, downtime, and potential data loss. Memory leaks may degrade system performance over time. These impacts can affect the reliability and availability of systems using the vulnerable driver.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Linux kernel to a version that includes the fix for the mmc_add_host() return value check in the omap_hsmmc driver. This fix ensures proper error handling to prevent memory leaks and kernel crashes. Avoid using vulnerable kernel versions and apply vendor-provided patches as soon as possible.