CVE-2023-54204
Null Pointer Dereference in Linux Kernel MMC Sunplus Driver
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sunplus | mmc | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's sunplus MMC driver. The function mmc_add_host() may return an error, but if this return value is ignored, it can cause two issues: memory allocated by mmc_alloc_host() will be leaked, and a null pointer dereference can occur when mmc_remove_host() is called during device removal. This happens because the driver attempts to delete a device that was never successfully added. The fix involves properly checking the return value of mmc_add_host() and improving error handling in the spmmc_drv_probe() function to clean up correctly.
How can this vulnerability impact me? :
The impact of this vulnerability includes potential memory leaks and null pointer dereferences in the Linux kernel's sunplus MMC driver. Memory leaks can degrade system performance or stability over time, while null pointer dereferences can cause kernel crashes or system instability, potentially leading to denial of service conditions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the mmc: sunplus driver, which properly checks the return value of mmc_add_host() and handles errors correctly in spmmc_drv_probe().