CVE-2022-50886
Memory Leak and Kernel Crash in Linux mmc: toshsd Driver
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's MMC subsystem, specifically in the toshsd driver. The function mmc_add_host() may return an error, but if this return value is ignored, the memory allocated by mmc_alloc_host() is not freed, causing a memory leak. This can lead to a kernel crash when the system attempts to delete a device that was never properly added. The fix involves checking the return value of mmc_add_host(), freeing the allocated memory with mmc_free_host(), and also calling free_irq() to properly release resources.
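The error path described above, as a user-space C model added here for illustration; it is not the toshsd driver's code. The `sim_*` stubs, the `check_add` switch and the forced `-ENOMEM` failure are assumptions standing in for the kernel calls named in the answer.

```c
#include <errno.h>
#include <stdlib.h>
/* Constructed user-space model: the sim_* stubs stand in for mmc_alloc_host(),
 * mmc_add_host(), mmc_remove_host(), mmc_free_host(), request_irq() and
 * free_irq(). They only track state and are not the kernel implementations. */
struct sim_host { int added; };
static int live_hosts, live_irqs, bad_removes, add_fails;
static struct sim_host *sim_alloc_host(void) {
    struct sim_host *h = calloc(1, sizeof(*h));
    if (h) live_hosts++;
    return h;
}
static void sim_free_host(struct sim_host *h) { free(h); live_hosts--; }
static int sim_request_irq(void) { live_irqs++; return 0; }
static void sim_free_irq(void) { live_irqs--; }
static int sim_add_host(struct sim_host *h) {
    if (add_fails) return -ENOMEM;   /* forced registration failure */
    h->added = 1;
    return 0;
}
static void sim_remove_host(struct sim_host *h) {
    if (!h->added) bad_removes++;    /* deleting a device that was never added */
    h->added = 0;
}
/* check_add == 0: pre-fix probe, the result of the add step is dropped.
 * check_add == 1: fixed probe, a failure unwinds the IRQ and the host. */
static int sim_probe(struct sim_host **out, int check_add) {
    struct sim_host *h = sim_alloc_host();
    int ret;
    if (!h) return -ENOMEM;
    ret = sim_request_irq();
    if (ret) goto free_host;
    ret = sim_add_host(h);
    if (ret && check_add) goto release_irq;
    *out = h;
    return 0;                        /* pre-fix: success reported even if add failed */
release_irq:
    sim_free_irq();
free_host:
    sim_free_host(h);
    return ret;
}
/* Remove path: runs only for a probe that reported success. */
static void sim_remove(struct sim_host *h) { sim_remove_host(h); sim_free_irq(); sim_free_host(h); }
int main(void) {                     /* exits 0 when the fixed probe leaves nothing held */
    struct sim_host *h = NULL;
    add_fails = 1;
    return (sim_probe(&h, 1) == -ENOMEM && !live_hosts && !live_irqs) ? 0 : 1;
}
```

With `check_add` set to 0 and the add step failing, the model's probe still returns 0 with the host and IRQ held, and the later remove call is counted in `bad_removes`.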
How can this vulnerability impact me?
This vulnerability can cause a kernel crash due to memory leaks and improper device removal in the MMC subsystem. Such crashes can lead to system instability, downtime, and potential loss of data or service availability.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version where the mmc: toshsd driver properly checks the return value of mmc_add_host(), ensuring that memory leaks and kernel crashes are prevented. This fix involves proper error handling and freeing of resources in the driver code.