CVE-2022-50347

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50347
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50347.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50347
Downstream
Related
Published
2025-09-16T16:11:39.891Z
Modified
2026-03-20T11:47:24.336639Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
Details

In the Linux kernel, the following vulnerability has been resolved:

mmc: rtsxusbsdmmc: fix return value check of mmcaddhost()

mmcaddhost() may return error, if we ignore its return value, the memory that allocated in mmcallochost() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path.

So fix this by checking the return value and calling mmcfreehost() in the error path, besides, ledclassdevunregister() and pmruntimedisable() also need be called.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50347.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c7f6558d84afe60016b8103c0737df6e376a1c2d
Fixed
d7ad7278be401b09c9f9a9f522cf4c449c7fd489
Fixed
e598c9683fe1cf97c2b11b800cc3cee072108220
Fixed
89303ddbb502c3bc8edbf864f9f85500c8fe07e9
Fixed
937112e991ed25d1727d878734adcbef3b900274
Fixed
7fa922c7a3dd623fd59f1af50e8896fd9ca7f654
Fixed
df683201c7ffbd21a806a7cad657b661c5ebfb6f
Fixed
1491667d5450778a265eddddd294219acfd648cb
Fixed
a522e26a20a43dcfbef9ee9f71ed803290e852b0
Fixed
fc38a5a10e9e5a75eb9189854abeb8405b214cc9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50347.json"