CVE-2022-50858
Memory Leak and Kernel Crash in Linux MMC Alcor Driver
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to a Linux kernel version where the mmc: alcor driver has been fixed to properly check the return value of mmc_add_host() and free allocated memory on error paths to prevent kernel crashes.
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's MMC (MultiMediaCard) driver for Alcor devices. The function mmc_add_host() may return an error, but if its return value is ignored, the memory allocated by mmc_alloc_host() is leaked. This leads to a kernel crash because the system attempts to delete a device that was never successfully added during the removal process. The fix involves properly checking the return value of mmc_add_host() and freeing the allocated memory in case of an error.
How can this vulnerability impact me? :
This vulnerability can cause a kernel crash due to memory leaks and improper device removal handling. Such crashes can lead to system instability, potential denial of service, and loss of data or availability on affected Linux systems using the Alcor MMC driver.