CVE-2022-50886
mmc: toshsd: fix return value check of mmc_add_host()
Description
In the Linux kernel, the following vulnerability has been resolved: mmc: toshsd: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and goto error path which will call mmc_free_host(), besides, free_irq() also needs be called.
INFO
Published Date :
Dec. 30, 2025, 1:16 p.m.
Last Modified :
Dec. 30, 2025, 1:16 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products
The following products are affected by CVE-2022-50886
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Check the return value of mmc_add_host().
- Call mmc_free_host() in the error path.
- Call free_irq() in the error path.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2022-50886.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2022-50886 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2022-50886
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-50886 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-50886 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Dec. 30, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: mmc: toshsd: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and goto error path which will call mmc_free_host(), besides, free_irq() also needs be called. Added Reference https://git.kernel.org/stable/c/3329e7b7132ca727263fb0ee214cf52cc6dcaaad Added Reference https://git.kernel.org/stable/c/34ae492f8d172f0bd193c24cad588b35419ea47a Added Reference https://git.kernel.org/stable/c/3dbb69a0242c31ea4c9eee22b1c41b515fe509a0 Added Reference https://git.kernel.org/stable/c/4f6cb1c685f9e20a4a9fa565e442f5af4dad70ff Added Reference https://git.kernel.org/stable/c/6444079767b68b1fbed0e7668081146e80dcb719 Added Reference https://git.kernel.org/stable/c/647e370dd0ef7e212d8d014bda748e461eab2e8c Added Reference https://git.kernel.org/stable/c/aabbedcb6c9a72d12d35dc672e83f0c8064d8a61 Added Reference https://git.kernel.org/stable/c/bfd77b194c94aefbde4efc30ddf8607dd9244672 Added Reference https://git.kernel.org/stable/c/f670744a316ea983113a65313dcd387b5a992444