CVE-2022-50267

Summary

In the Linux kernel, the following vulnerability has been resolved:

mmc: rtsx_pci: fix return value check of mmc_add_host()

mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path.

So fix this by checking the return value and calling mmc_free_host() in the error path, beside, runtime PM also needs be disabled.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxff984e57d36e8ac468849a144a36f1c11f88b61c < 30dc645461dfc63e52b3af8ee4a98e17bf14bacfaffected
LinuxLinuxff984e57d36e8ac468849a144a36f1c11f88b61c < 5cd4e04eccaec140da6fa04db056a76282ee6852affected
LinuxLinuxff984e57d36e8ac468849a144a36f1c11f88b61c < ffa9b2a79e3e959683efbad3f6db937eca9d38f5affected
LinuxLinuxff984e57d36e8ac468849a144a36f1c11f88b61c < 0c87db77423a282b3b38b8a6daf057b822680516affected
LinuxLinux3.8affected
LinuxLinux0 < 3.8unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References