VYPR
Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Apr 15, 2026

CVE-2022-50886

Description

In the Linux kernel, the following vulnerability has been resolved:

mmc: toshsd: fix return value check of mmc_add_host()

mmc_add_host() may return an error. If we ignore its return value, the memory that is allocated in mmc_alloc_host() will be leaked, and it will lead to a kernel crash because of deleting a not-added device in the remove path.

So fix this by checking the return value and going to the error path, which will call mmc_free_host(). Besides, free_irq() also needs to be called.
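
A userspace C model of the probe error path described above, added here as an illustration and not taken from the toshsd driver or the fix commits. The `sim_*` functions, the resource counters and the fault switch are hypothetical stand-ins for `mmc_alloc_host()`, `request_irq()`, `mmc_add_host()` and their cleanup calls.

```c
/* Added userspace model; sim_* names are hypothetical stand-ins for kernel calls. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
struct sim_host { int added; };
static int live_hosts, live_irqs, add_host_should_fail; /* held resources; fault switch */
static struct sim_host *sim_alloc_host(void) {
    struct sim_host *h = calloc(1, sizeof(*h));
    live_hosts += (h != NULL);
    return h;
}
static void sim_free_host(struct sim_host *h) { free(h); live_hosts--; }
static int sim_request_irq(void) { live_irqs++; return 0; }
static void sim_free_irq(void) { live_irqs--; }
static int sim_add_host(struct sim_host *h) {
    if (!add_host_should_fail) h->added = 1;
    return add_host_should_fail ? -ENOMEM : 0;
}
/* Before the fix: the add result is dropped, so probe reports success anyway. */
static int probe_unchecked(struct sim_host **out) {
    struct sim_host *h = sim_alloc_host();
    if (!h) return -ENOMEM;
    sim_request_irq();
    sim_add_host(h);                 /* return value ignored */
    *out = h;                        /* remove path will later see an unadded host */
    return 0;
}
/* After the fix: check the result and unwind in reverse order of acquisition. */
static int probe_checked(struct sim_host **out) {
    struct sim_host *h = sim_alloc_host();
    int ret;
    if (!h) return -ENOMEM;
    if ((ret = sim_request_irq())) goto free_host;
    if ((ret = sim_add_host(h))) goto free_irq;
    *out = h;
    return 0;
free_irq:  sim_free_irq();
free_host: sim_free_host(h);
    return ret;
}
int main(void) {
    struct sim_host *h = NULL;
    add_host_should_fail = 1;                  /* constructed failure */
    int fixed = probe_checked(&h);             /* unwinds: nothing left held */
    printf("checked   ret=%d hosts=%d irqs=%d\n", fixed, live_hosts, live_irqs);
    int buggy = probe_unchecked(&h);           /* "succeeds" with an unadded host */
    printf("unchecked ret=%d hosts=%d irqs=%d\n", buggy, live_hosts, live_irqs);
    return 0;
}
```

With the failure injected, the unchecked probe returns 0 while still holding a host and an IRQ that nothing will release correctly; the checked probe returns the error with both counters back at zero.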

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing error check for mmc_add_host() in the Toshiba SD MMC driver could cause a memory leak and a kernel crash.

Vulnerability

The toshsd driver in the Linux kernel for Toshiba SD/MMC host controllers fails to check the return value of mmc_add_host(). If this function fails, the allocated memory from mmc_alloc_host() is not freed, leading to a memory leak. Moreover, on driver removal, the system attempts to delete a host device that was never successfully added, which can trigger a kernel crash [1][2].

Exploitation

An attacker would need to trigger a failure in mmc_add_host(), which could occur due to resource exhaustion or other transient errors during device initialization. No authentication is required, as the flaw is in the kernel's core device handling path. The attack surface is local, requiring the ability to cause the driver to bind to a Toshiba SD host controller and force the allocation to fail [3].

Impact

A successful exploit could result in a denial of service via kernel crash (NULL pointer dereference when removing a non-added device) or memory leak, potentially degrading system stability over time. No privilege escalation is described [4].

Mitigation

The fix has been applied in the Linux kernel stable branches. Patches are available in commits aabbedcb6c9a (version 1), bfd77b194c94, 34ae492f8d17, and 4f6cb1c685f9. System administrators should update to the latest kernel version containing these fixes [1][2][3][4].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
