VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2022-50858

Description

In the Linux kernel, the following vulnerability has been resolved:

mmc: alcor: fix return value check of mmc_add_host()

mmc_add_host() may return an error. If we ignore its return value, the memory allocated in mmc_alloc_host() will be leaked, and it will lead to a kernel crash because of deleting a not-added device in the remove path.

So fix this by checking the return value and calling mmc_free_host() in the error path.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel's mmc: alcor driver, a missing check of the return value of mmc_add_host() can cause a memory leak and a kernel crash on removal.

Vulnerability Overview

In the Linux kernel's mmc: alcor driver, the function mmc_add_host() may return an error, but the driver previously ignored its return value. If mmc_add_host() fails, the memory allocated by mmc_alloc_host() is not freed, leading to a memory leak. Additionally, the driver's remove path attempts to delete a device that was never successfully added, causing a kernel crash [1].

Exploitation Prerequisites

This vulnerability is triggered during driver initialization when mmc_add_host() fails. No special privileges are required; the attack surface is local, and the failure could be triggered by a hardware failure or resource exhaustion that causes the host addition to fail. An attacker would need to be able to influence the system's hardware state or resource availability to cause the failure [1].

Impact

If exploited, the vulnerability results in a memory leak and a kernel crash (NULL pointer dereference) when the driver is removed. This can lead to denial of service (system crash) and potential instability [1].

Mitigation

The fix has been applied in the Linux kernel stable tree. The commit adds a check for the return value of mmc_add_host() and calls mmc_free_host() in the error path to properly clean up resources [1]. Users should update to a kernel version containing this fix.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
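The error-path handling described above, as an added example that is not the alcor driver's code or the upstream patch: a userspace C model contrasting a probe that ignores the add result with one that checks it and frees the host. The names `alloc_host()`, `add_host()`, `free_host()`, `fail_add` and `live_hosts` are hypothetical stand-ins for mmc_alloc_host(), mmc_add_host() and mmc_free_host(), and the forced failure is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-ins for the MMC host calls (hypothetical model, not kernel code). */
struct host { int added; };
static int live_hosts;  /* hosts allocated and not yet freed */
static int fail_add;    /* constructed fault: force add_host() to fail */

static struct host *alloc_host(void) {
    struct host *h = calloc(1, sizeof(*h));
    live_hosts += (h != NULL);
    return h;
}
static void free_host(struct host *h) { if (h) { free(h); live_hosts--; } }
static int add_host(struct host *h) {
    if (fail_add) return -ENOMEM;
    h->added = 1;
    return 0;
}

/* Bug pattern: result ignored, so probe reports success for an unadded host. */
static int probe_unchecked(struct host **out) {
    if (!(*out = alloc_host())) return -ENOMEM;
    add_host(*out);  /* failure silently dropped */
    return 0;
}

/* Fix pattern: propagate the error and free the host on the error path. */
static int probe_checked(struct host **out) {
    if (!(*out = alloc_host())) return -ENOMEM;
    int ret = add_host(*out);
    if (ret) {
        free_host(*out);
        *out = NULL;
    }
    return ret;
}

int main(void) {
    struct host *h;
    fail_add = 1;
    int r = probe_unchecked(&h);
    printf("unchecked: ret=%d added=%d live=%d\n", r, h ? h->added : -1, live_hosts);
    free_host(h);
    r = probe_checked(&h);
    printf("checked:   ret=%d live=%d\n", r, live_hosts);
    return 0;
}
```

In the unchecked case the probe returns 0 while the host has `added == 0`, so a later remove path would operate on a host that was never added; the checked variant returns the error and leaves no live allocation.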

Affected products: 1

Patches: 6

References: 6