CVE-2022-50353 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 17
Description
In the Linux kernel, the following vulnerability has been resolved:
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc_add_host() may return error, if we ignore its return value, the memory
that allocated in mmc_alloc_host() will be leaked and it will lead a kernel
crash because of deleting not added device in the remove path.
So fix this by checking the return value and goto error path which will call
mmc_free_host(), besides, clk_disable_unprepare() also needs be called.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
▶CVEListV5linux/linux3a96dff0f828ae9dfb43efd49a9b67a74c6dc360 — 70b0620afab3c69d95a7e2dd7ceff162a21c4009+8
Patches
🔴Vulnerability Details
2OSV▶
CVE-2022-50353: In the Linux kernel, the following vulnerability has been resolved: mmc: wmt-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return↗2025-09-17
GHSA▶
GHSA-cjfm-hc6q-wr8h: In the Linux kernel, the following vulnerability has been resolved:
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc_add_host() may retu↗2025-09-17
📋Vendor Advisories
2💬Community
1Bugzilla▶
CVE-2022-50353 kernel: Kernel: Denial of Service via improper return value check in mmc_add_host()↗2025-09-17