CVE-2022-50858

mmcaddhost() may return error, if we ignore its return value, the memory that allocated in mmcallochost() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path.

So fix this by checking the return value and calling mmcfreehost() in the error path.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50858.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c5413ad815a675b5c98a002353d8e96b44b164e9

Fixed

289c964fe182ce755044a6cd57698072e12ffa6f

Fixed

4a6e5d0222804a3eaf2ea4cf893f412e7cf98cb2

Fixed

29c5b4da41f35108136d843c7432885c78cf8272

Fixed

48dc06333d75f41c2ce9ba954bc3231324b45914

Fixed

60fafcf2fb7ee9a4125dc9a86eeb9d490acf23e2

Fixed

e93d1468f429475a753d6baa79b853b7ee5ef8c0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50858.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0

Fixed

5.4.229

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.163

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.86

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.0.16

Type: ECOSYSTEM
Events: Introduced

6.1.0

Fixed

6.1.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50858.json"