| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091504-CVE-2022-50268-bcdf@gregkh> Date: Mon, 15 Sep 2025 16:21:10 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50268: mmc: moxart: fix return value check of mmc_add_host() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: mmc: moxart: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and goto error path which will call mmc_free_host(). The Linux kernel CVE team has assigned CVE-2022-50268 to this issue. Affected and fixed versions =========================== Issue introduced in 3.16 with commit 1b66e94e6b9995323190f31c51d8e1a6f516627e and fixed in 4.9.337 with commit a4c765f5d8e58138cff69f1510b2e8942ec37022 Issue introduced in 3.16 with commit 1b66e94e6b9995323190f31c51d8e1a6f516627e and fixed in 4.14.303 with commit a94d466f31a5201995d39bc1208e2c09ab04f0bf Issue introduced in 3.16 with commit 1b66e94e6b9995323190f31c51d8e1a6f516627e and fixed in 4.19.270 with commit c7e9a2059fb943fc3c3fa12261518fd72a0fc136 Issue introduced in 3.16 with commit 1b66e94e6b9995323190f31c51d8e1a6f516627e and fixed in 5.4.229 with commit b174f2b36c638fc7737df6c8aac1889a646be98f Issue introduced in 3.16 with commit 1b66e94e6b9995323190f31c51d8e1a6f516627e and fixed in 5.10.163 with commit 7c3b301ca8b0cab392c71da8fcdfa499074f8e97 Issue introduced in 3.16 with commit 1b66e94e6b9995323190f31c51d8e1a6f516627e and fixed in 5.15.86 with commit f0502fe86a2db2336c9498d2de3e97f22dcf85ae Issue introduced in 3.16 with commit 1b66e94e6b9995323190f31c51d8e1a6f516627e and fixed in 6.0.16 with commit 8f8bb62c7c5c833758ef1563fe738afd579c3efe Issue introduced in 3.16 with commit 1b66e94e6b9995323190f31c51d8e1a6f516627e and fixed in 6.1.2 with commit 40aa73c70e8a5706f9cbe01409a5e51cc0f1750e Issue introduced in 3.16 with commit 1b66e94e6b9995323190f31c51d8e1a6f516627e and fixed in 6.2 with commit 0ca18d09c744fb030ae9bc5836c3e357e0237dea Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50268 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/mmc/host/moxart-mmc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a4c765f5d8e58138cff69f1510b2e8942ec37022 https://git.kernel.org/stable/c/a94d466f31a5201995d39bc1208e2c09ab04f0bf https://git.kernel.org/stable/c/c7e9a2059fb943fc3c3fa12261518fd72a0fc136 https://git.kernel.org/stable/c/b174f2b36c638fc7737df6c8aac1889a646be98f https://git.kernel.org/stable/c/7c3b301ca8b0cab392c71da8fcdfa499074f8e97 https://git.kernel.org/stable/c/f0502fe86a2db2336c9498d2de3e97f22dcf85ae https://git.kernel.org/stable/c/8f8bb62c7c5c833758ef1563fe738afd579c3efe https://git.kernel.org/stable/c/40aa73c70e8a5706f9cbe01409a5e51cc0f1750e https://git.kernel.org/stable/c/0ca18d09c744fb030ae9bc5836c3e357e0237dea
Powered by blists - more mailing lists