| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122457-CVE-2022-50769-f4db@gregkh> Date: Wed, 24 Dec 2025 14:06:20 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50769: mmc: mxcmmc: fix return value check of mmc_add_host() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: mmc: mxcmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and goto error path which will call mmc_free_host(). The Linux kernel CVE team has assigned CVE-2022-50769 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.29 with commit d96be879ff469759af6d7fcebdb66237c18da6f8 and fixed in 4.9.337 with commit 5f35c038c9f4d258b3cf77885a2730f1417d63e7 Issue introduced in 2.6.29 with commit d96be879ff469759af6d7fcebdb66237c18da6f8 and fixed in 4.14.303 with commit 1cf0c1e58738b97e2de207846105b6a5d46622ee Issue introduced in 2.6.29 with commit d96be879ff469759af6d7fcebdb66237c18da6f8 and fixed in 4.19.270 with commit b8bdb3fd13d5cd1e86d22fd3f803a742fd88af89 Issue introduced in 2.6.29 with commit d96be879ff469759af6d7fcebdb66237c18da6f8 and fixed in 5.4.229 with commit 32eb502c972dfc34413c9147418b3d94d870c2b8 Issue introduced in 2.6.29 with commit d96be879ff469759af6d7fcebdb66237c18da6f8 and fixed in 5.10.163 with commit 3904eb97bb78fdca3e16d30a38ce5697b9686110 Issue introduced in 2.6.29 with commit d96be879ff469759af6d7fcebdb66237c18da6f8 and fixed in 5.15.86 with commit 2d496050ded83b13b16f05e1fc0329b0210d2493 Issue introduced in 2.6.29 with commit d96be879ff469759af6d7fcebdb66237c18da6f8 and fixed in 6.0.16 with commit d37474ab9a79149075f0823315c6d45dd983a78c Issue introduced in 2.6.29 with commit d96be879ff469759af6d7fcebdb66237c18da6f8 and fixed in 6.1.2 with commit d2ead18bc7cc166220cab5a744a05c5b69431a12 Issue introduced in 2.6.29 with commit d96be879ff469759af6d7fcebdb66237c18da6f8 and fixed in 6.2 with commit cde600af7b413c9fe03e85c58c4279df90e91d13 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50769 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/mmc/host/mxcmmc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/5f35c038c9f4d258b3cf77885a2730f1417d63e7 https://git.kernel.org/stable/c/1cf0c1e58738b97e2de207846105b6a5d46622ee https://git.kernel.org/stable/c/b8bdb3fd13d5cd1e86d22fd3f803a742fd88af89 https://git.kernel.org/stable/c/32eb502c972dfc34413c9147418b3d94d870c2b8 https://git.kernel.org/stable/c/3904eb97bb78fdca3e16d30a38ce5697b9686110 https://git.kernel.org/stable/c/2d496050ded83b13b16f05e1fc0329b0210d2493 https://git.kernel.org/stable/c/d37474ab9a79149075f0823315c6d45dd983a78c https://git.kernel.org/stable/c/d2ead18bc7cc166220cab5a744a05c5b69431a12 https://git.kernel.org/stable/c/cde600af7b413c9fe03e85c58c4279df90e91d13
Powered by blists - more mailing lists