CVE-2022-50640: Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux

Severity: 5.1 MEDIUM (no vector)
EPSS: 0.0% (top 85.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

mmc: core: Fix kernel panic when remove non-standard SDIO card

SDIO tuple is only allocated for standard SDIO card, especially it causes memory corruption issues when the non-standard SDIO card has removed, which is because the card device's reference counter does not increase for it at sdio_init_func(), but all SDIO card device reference counter gets decreased at sdio_release_func().

Affected Packages: 4 packages

Linux | linux/linux_kernel | 2.6.36 | 4.9.332 | +6
Debian | linux/linux_kernel | < 5.10.158-1 | +3
CVEListV5 | linux/linux | 6f51be3d37dff73cf8db771df4169f4c2f1cbf66 | b8b2965932e702b21e335ff30e1bb550f5a23b6f | +8
debian | debian/linux | < linux 6.0.7-1 (bookworm)

Vulnerability Details (3)

GHSA: GHSA-4w99-c287-2jvj: In the Linux kernel, the following vulnerability has been resolved: mmc: core: Fix kernel panic when remove non-standard SDIO card SDIO tuple is onl (2025-12-09)
OSV: CVE-2022-50640: In the Linux kernel, the following vulnerability has been resolved: mmc: core: Fix kernel panic when remove non-standard SDIO card SDIO tuple is only (2025-12-09)
OSV: mmc: core: Fix kernel panic when remove non-standard SDIO card (2025-12-09)

Vendor Advisories (2)

Red Hat: kernel: mmc: core: Fix kernel panic when remove non-standard SDIO card (2025-12-09)
Debian: CVE-2022-50640: linux - In the Linux kernel, the following vulnerability has been resolved: mmc: core: ... (2022)