CVE-2022-50347

Summary

In the Linux kernel, the following vulnerability has been resolved:

mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()

mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path.

So fix this by checking the return value and calling mmc_free_host() in the error path, besides, led_classdev_unregister() and pm_runtime_disable() also need be called.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc7f6558d84afe60016b8103c0737df6e376a1c2d < d7ad7278be401b09c9f9a9f522cf4c449c7fd489affected
LinuxLinuxc7f6558d84afe60016b8103c0737df6e376a1c2d < e598c9683fe1cf97c2b11b800cc3cee072108220affected
LinuxLinuxc7f6558d84afe60016b8103c0737df6e376a1c2d < 89303ddbb502c3bc8edbf864f9f85500c8fe07e9affected
LinuxLinuxc7f6558d84afe60016b8103c0737df6e376a1c2d < 937112e991ed25d1727d878734adcbef3b900274affected
LinuxLinuxc7f6558d84afe60016b8103c0737df6e376a1c2d < 7fa922c7a3dd623fd59f1af50e8896fd9ca7f654affected
LinuxLinuxc7f6558d84afe60016b8103c0737df6e376a1c2d < df683201c7ffbd21a806a7cad657b661c5ebfb6faffected
LinuxLinuxc7f6558d84afe60016b8103c0737df6e376a1c2d < 1491667d5450778a265eddddd294219acfd648cbaffected
LinuxLinuxc7f6558d84afe60016b8103c0737df6e376a1c2d < a522e26a20a43dcfbef9ee9f71ed803290e852b0affected
LinuxLinuxc7f6558d84afe60016b8103c0737df6e376a1c2d < fc38a5a10e9e5a75eb9189854abeb8405b214cc9affected
LinuxLinux3.16affected
LinuxLinux0 < 3.16unaffected
LinuxLinux4.9.337 <= 4.9.*unaffected
LinuxLinux4.14.303 <= 4.14.*unaffected
LinuxLinux4.19.270 <= 4.19.*unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References