CVE-2022-50769
Memory Leak and Kernel Crash in Linux mxcmmc Driver Due to Improper Error Handling
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's mmc subsystem, specifically in the mxcmmc driver. The function mmc_add_host() may return an error. If its return value is ignored, the memory allocated by mmc_alloc_host() is leaked, and the kernel can crash because the remove path attempts to delete a device that was never successfully added. The fix checks the return value of mmc_add_host() and, on error, frees the allocated memory, which prevents the crash.
How can this vulnerability impact me?
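The pattern described above, modelled in user space as an added example (this is not the mxcmmc driver source or the upstream patch). The stub_* functions, the add_fails switch and the bind_unbind() harness are hypothetical stand-ins, and the crash is modelled as a failed remove that leaves the host unfreed.

```c
/* User-space model; NOT the mxcmmc driver source. The stub_* functions are hypothetical
 * stand-ins for mmc_alloc_host(), mmc_add_host(), mmc_remove_host(), mmc_free_host(). */
#include <stdlib.h>

struct host { int added; };
static int live_hosts, bad_removes, add_fails; /* unfreed hosts; removes of never-added hosts; fault switch */
static struct host *stub_alloc_host(void) {
    struct host *h = calloc(1, sizeof(*h));
    if (h) live_hosts++;
    return h;
}
static void stub_free_host(struct host *h) { free(h); live_hosts--; }
static int stub_add_host(struct host *h) {
    if (add_fails) return -12; /* constructed failure, -ENOMEM */
    h->added = 1;
    return 0;
}
static int stub_remove_host(struct host *h) {
    if (!h->added) { bad_removes++; return -1; } /* the kernel would crash here */
    h->added = 0;
    return 0;
}
/* "Before" pattern: the add result is dropped and probe reports success. */
static int probe_unchecked(struct host **out) {
    struct host *h = stub_alloc_host();
    if (!h) return -12;
    stub_add_host(h);
    *out = h;
    return 0;
}
/* "After" pattern: on failure, free the host and propagate the error. */
static int probe_checked(struct host **out) {
    struct host *h = stub_alloc_host();
    int ret;
    if (!h) return -12;
    if ((ret = stub_add_host(h)) != 0) { stub_free_host(h); return ret; }
    *out = h;
    return 0;
}
/* Bind then unbind once; remove runs only if probe reported success. A failed
 * remove models the crash, so the free after it is never reached. */
static int bind_unbind(int (*probe)(struct host **), int fail) {
    struct host *h = NULL;
    live_hosts = bad_removes = 0; add_fails = fail;
    if (probe(&h) == 0 && stub_remove_host(h) == 0)
        stub_free_host(h);
    return bad_removes;
}
int main(void) { return bind_unbind(probe_checked, 1); } /* exit status 0: no bad remove */
```

With the add step forced to fail, the unchecked probe still reports success, so the remove path runs against a host that was never added; the checked probe fails cleanly and nothing is left allocated.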
This vulnerability can cause a kernel crash due to memory leaks and improper device removal handling. Such crashes can lead to system instability, downtime, and potential loss of data or service availability on affected Linux systems using the vulnerable mmc driver.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Linux kernel to a version that includes the fix for the mmc_add_host() return value check in the mxcmmc driver. This ensures that memory leaks and potential kernel crashes caused by ignoring the return value are prevented.