CVE-2022-50769
Description
In the Linux kernel, the following vulnerability has been resolved:
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc_add_host() may return an error. If we ignore its return value, the memory allocated in mmc_alloc_host() will be leaked, and it will lead to a kernel crash because of deleting a not-added device in the remove path.
So fix this by checking the return value and going to the error path, which will call mmc_free_host().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing return value check of mmc_add_host() in the Linux kernel's MXC MMC driver can lead to memory leaks and kernel crashes.
Vulnerability Description
The MXC MMC driver in the Linux kernel, found in the file mxcmmc.c, contained a missing error check on the call to mmc_add_host(). The function mmc_add_host() may return an error code on failure. Without checking this return value, the driver could continue as if the host was successfully added, even when it was not. This oversight leads to two critical issues: memory allocated via mmc_alloc_host() would be leaked, and subsequent operations in the removal path would try to delete a device that was never added, causing a kernel crash [1][2][3][4].
Exploitation and Impact
An attacker cannot directly trigger this vulnerability through user interaction; instead, the issue manifests when the kernel attempts to probe the MXC MMC device and the mmc_add_host() call fails (e.g., due to memory pressure or device registration errors). The impact is a denial-of-service (DoS) condition: the memory leak degrades system stability, and the kernel crash on removal halts system operation. The vulnerability is rated with a CVSS v3.1 base score of 4.7 (Medium), reflecting the need for specific hardware conditions or low resources to trigger failure.
Mitigation
The fix, included in Linux kernel stable updates, adds a return value check after mmc_add_host(). If the call fails, the driver now jumps to an error path that properly calls mmc_free_host(), preventing both the memory leak and the crash. Systems running an unpatched kernel are vulnerable; administrators should update to a kernel version containing the commit that addresses this issue [1][2][3][4].
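The unchecked and checked probe patterns described above, as an added userspace C model that is not the kernel driver's code or the upstream patch. The model_*() functions are hypothetical stand-ins for mmc_alloc_host(), mmc_add_host() and mmc_free_host(), and model_remove() returns -EINVAL at the point where the description says the kernel crashes.

```c
/* Added example: userspace model only. model_*() are hypothetical stand-ins
 * for mmc_alloc_host(), mmc_add_host() and mmc_free_host(). */
#include <errno.h>
#include <stdlib.h>
struct host { int added; };
static int live_hosts;   /* allocations not yet freed */
static int fail_add;     /* set to 1 to force the add step to fail */

static struct host *model_alloc_host(void) {
    struct host *h = calloc(1, sizeof(*h));
    if (h) live_hosts++;
    return h;
}
static void model_free_host(struct host *h) { free(h); live_hosts--; }
static int model_add_host(struct host *h) {
    h->added = !fail_add;
    return fail_add ? -ENOMEM : 0;
}

/* Pre-fix pattern: the result of the add step is ignored. */
int probe_unchecked(struct host **out) {
    struct host *h = model_alloc_host();
    if (!h) return -ENOMEM;
    model_add_host(h);           /* error dropped */
    *out = h;                    /* probe "succeeds" with h->added == 0 */
    return 0;
}

/* Fixed pattern: check the result and unwind through the free path. */
int probe_checked(struct host **out) {
    struct host *h = model_alloc_host();
    int ret;
    if (!h) return -ENOMEM;
    ret = model_add_host(h);
    if (ret) goto out_free;
    *out = h;
    return 0;
out_free:
    model_free_host(h);          /* nothing left allocated on failure */
    *out = NULL;
    return ret;
}

/* Remove path: -EINVAL marks removal of a host that was never added. */
int model_remove(struct host *h) {
    int ret = h->added ? 0 : -EINVAL;
    model_free_host(h);
    return ret;
}
```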
References
The CVE description and multiple stable kernel commit references confirm the nature of the bug and the corrective patch [1][2][3][4].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches (9): 5f35c038c9f4, 1cf0c1e58738, b8bdb3fd13d5, 32eb502c972d, 3904eb97bb78, 2d496050ded8, d37474ab9a79, d2ead18bc7cc, cde600af7b41
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (9)
- git.kernel.org/stable/c/1cf0c1e58738b97e2de207846105b6a5d46622ee (nvd)
- git.kernel.org/stable/c/2d496050ded83b13b16f05e1fc0329b0210d2493 (nvd)
- git.kernel.org/stable/c/32eb502c972dfc34413c9147418b3d94d870c2b8 (nvd)
- git.kernel.org/stable/c/3904eb97bb78fdca3e16d30a38ce5697b9686110 (nvd)
- git.kernel.org/stable/c/5f35c038c9f4d258b3cf77885a2730f1417d63e7 (nvd)
- git.kernel.org/stable/c/b8bdb3fd13d5cd1e86d22fd3f803a742fd88af89 (nvd)
- git.kernel.org/stable/c/cde600af7b413c9fe03e85c58c4279df90e91d13 (nvd)
- git.kernel.org/stable/c/d2ead18bc7cc166220cab5a744a05c5b69431a12 (nvd)
- git.kernel.org/stable/c/d37474ab9a79149075f0823315c6d45dd983a78c (nvd)