CVE-2022-50846
Null Pointer Dereference in Linux mmc_add_host() Causes Kernel Crash
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's mmc subsystem, specifically in the via-sdmmc driver. The function mmc_add_host() may return an error, but if its return value is ignored, two problems arise: first, memory allocated by mmc_alloc_host() is leaked; second, during device removal, mmc_remove_host() is called on a device that was never successfully added, causing a kernel crash due to a null pointer dereference in device_del(). The fix involves properly checking the return value of mmc_add_host() and handling errors by freeing allocated memory.
How can this vulnerability impact me? :
This vulnerability can lead to memory leaks and kernel crashes on affected Linux systems using the via-sdmmc driver. The kernel crash caused by a null pointer dereference can result in system instability or denial of service, potentially disrupting normal operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the mmc: via-sdmmc driver includes the fix for checking the return value of mmc_add_host(). This prevents memory leaks and kernel crashes caused by null pointer dereferences. Until the update is applied, avoid using affected MMC devices if possible.