CVE-2023-54204

Summary

In the Linux kernel, the following vulnerability has been resolved:

mmc: sunplus: fix return value check of mmc_add_host()

mmc_add_host() may return error, if we ignore its return value,

  1. the memory allocated in mmc_alloc_host() will be leaked
  2. null-ptr-deref will happen when calling mmc_remove_host() in remove function spmmc_drv_remove() because deleting not added device.

Fix this by checking the return value of mmc_add_host(). Moreover, I fixed the error handling path of spmmc_drv_probe() to clean up.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4e268fed8b1861616af28f9cfb4eed8ca5d7af6c < 741a951f41929f39cae70c66d86d0754d3129d0aaffected
LinuxLinux4e268fed8b1861616af28f9cfb4eed8ca5d7af6c < dce6d8f985fa1ef5c2af47f4f86ea65511b78656affected
LinuxLinux6.2affected
LinuxLinux0 < 6.2unaffected
LinuxLinux6.4.12 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

References