CVE-2022-50858

Summary

In the Linux kernel, the following vulnerability has been resolved:

mmc: alcor: fix return value check of mmc_add_host()

mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path.

So fix this by checking the return value and calling mmc_free_host() in the error path.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc5413ad815a675b5c98a002353d8e96b44b164e9 < 289c964fe182ce755044a6cd57698072e12ffa6faffected
LinuxLinuxc5413ad815a675b5c98a002353d8e96b44b164e9 < 4a6e5d0222804a3eaf2ea4cf893f412e7cf98cb2affected
LinuxLinuxc5413ad815a675b5c98a002353d8e96b44b164e9 < 29c5b4da41f35108136d843c7432885c78cf8272affected
LinuxLinuxc5413ad815a675b5c98a002353d8e96b44b164e9 < 48dc06333d75f41c2ce9ba954bc3231324b45914affected
LinuxLinuxc5413ad815a675b5c98a002353d8e96b44b164e9 < 60fafcf2fb7ee9a4125dc9a86eeb9d490acf23e2affected
LinuxLinuxc5413ad815a675b5c98a002353d8e96b44b164e9 < e93d1468f429475a753d6baa79b853b7ee5ef8c0affected
LinuxLinux5.0affected
LinuxLinux0 < 5.0unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References