CVE-2022-50640

Summary

In the Linux kernel, the following vulnerability has been resolved:

mmc: core: Fix kernel panic when remove non-standard SDIO card

SDIO tuple is only allocated for standard SDIO card, especially it causes memory corruption issues when the non-standard SDIO card has removed, which is because the card device's reference counter does not increase for it at sdio_init_func(), but all SDIO card device reference counter gets decreased at sdio_release_func().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6f51be3d37dff73cf8db771df4169f4c2f1cbf66 < b8b2965932e702b21e335ff30e1bb550f5a23b6faffected
LinuxLinux6f51be3d37dff73cf8db771df4169f4c2f1cbf66 < b3275dde570b6420106a715bb58a0af041b94d95affected
LinuxLinux6f51be3d37dff73cf8db771df4169f4c2f1cbf66 < 1fb79478695d92bab1c120ad3dad05252b02a29daffected
LinuxLinux6f51be3d37dff73cf8db771df4169f4c2f1cbf66 < 7a09c64b7da0abdec3919812e3d93ecc44069ed0affected
LinuxLinux6f51be3d37dff73cf8db771df4169f4c2f1cbf66 < 8bf037279b5869ae9331c42bb1527d2680ebba96affected
LinuxLinux6f51be3d37dff73cf8db771df4169f4c2f1cbf66 < 1e8cd93ae536581562bab4e1d8c5315bbc2548bfaffected
LinuxLinux6f51be3d37dff73cf8db771df4169f4c2f1cbf66 < 66d461a92f32b6995b630625d350259b6b1f961baffected
LinuxLinux6f51be3d37dff73cf8db771df4169f4c2f1cbf66 < 9972e6b404884adae9eec7463e30d9b3c9a70b18affected
LinuxLinux2.6.36affected
LinuxLinux0 < 2.6.36unaffected
LinuxLinux4.9.332 <= 4.9.*unaffected
LinuxLinux4.14.298 <= 4.14.*unaffected
LinuxLinux4.19.264 <= 4.19.*unaffected
LinuxLinux5.4.223 <= 5.4.*unaffected
LinuxLinux5.10.153 <= 5.10.*unaffected
LinuxLinux5.15.77 <= 5.15.*unaffected
LinuxLinux6.0.7 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References