| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123047-CVE-2022-50858-f41c@gregkh> Date: Tue, 30 Dec 2025 13:19:54 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50858: mmc: alcor: fix return value check of mmc_add_host() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: mmc: alcor: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and calling mmc_free_host() in the error path. The Linux kernel CVE team has assigned CVE-2022-50858 to this issue. Affected and fixed versions =========================== Issue introduced in 5.0 with commit c5413ad815a675b5c98a002353d8e96b44b164e9 and fixed in 5.4.229 with commit 289c964fe182ce755044a6cd57698072e12ffa6f Issue introduced in 5.0 with commit c5413ad815a675b5c98a002353d8e96b44b164e9 and fixed in 5.10.163 with commit 4a6e5d0222804a3eaf2ea4cf893f412e7cf98cb2 Issue introduced in 5.0 with commit c5413ad815a675b5c98a002353d8e96b44b164e9 and fixed in 5.15.86 with commit 29c5b4da41f35108136d843c7432885c78cf8272 Issue introduced in 5.0 with commit c5413ad815a675b5c98a002353d8e96b44b164e9 and fixed in 6.0.16 with commit 48dc06333d75f41c2ce9ba954bc3231324b45914 Issue introduced in 5.0 with commit c5413ad815a675b5c98a002353d8e96b44b164e9 and fixed in 6.1.2 with commit 60fafcf2fb7ee9a4125dc9a86eeb9d490acf23e2 Issue introduced in 5.0 with commit c5413ad815a675b5c98a002353d8e96b44b164e9 and fixed in 6.2 with commit e93d1468f429475a753d6baa79b853b7ee5ef8c0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50858 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/mmc/host/alcor.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/289c964fe182ce755044a6cd57698072e12ffa6f https://git.kernel.org/stable/c/4a6e5d0222804a3eaf2ea4cf893f412e7cf98cb2 https://git.kernel.org/stable/c/29c5b4da41f35108136d843c7432885c78cf8272 https://git.kernel.org/stable/c/48dc06333d75f41c2ce9ba954bc3231324b45914 https://git.kernel.org/stable/c/60fafcf2fb7ee9a4125dc9a86eeb9d490acf23e2 https://git.kernel.org/stable/c/e93d1468f429475a753d6baa79b853b7ee5ef8c0
Powered by blists - more mailing lists