CVE-2022-50670 in Linuxinfo

Summary

by MITRE • 12/09/2025

In the Linux kernel, the following vulnerability has been resolved:

mmc: omap_hsmmc: fix return value check of mmc_add_host()

mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead a kernel crash because of null-ptr-deref in device_del().

Fix this by checking the return value and goto error path wihch will call mmc_free_host().

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 03/29/2026

The vulnerability identified as CVE-2022-50670 resides within the Linux kernel's mmc subsystem, specifically in the omap_hsmmc driver implementation. This flaw represents a critical oversight in error handling that can lead to both resource leakage and system instability. The issue manifests when the mmc_add_host() function is called without proper validation of its return status, creating a dangerous scenario where subsequent operations proceed despite failed initialization. The vulnerability is classified under CWE-755 as an improper handling of a known error condition, and it directly impacts the kernel's device management framework through improper error propagation.

The technical flaw occurs at the interface between memory allocation and device registration within the MMC (MultiMediaCard) host controller driver. When mmc_alloc_host() successfully allocates memory for the host structure, the subsequent call to mmc_add_host() may fail due to various conditions such as resource exhaustion or device conflicts. However, the original code fails to check this return value, allowing execution to continue under the assumption that the host has been properly registered. This oversight creates a fundamental disconnect between the allocation phase and the registration phase of device management, where the allocated memory remains unreferenced and the device registration state becomes inconsistent.

The operational impact of this vulnerability extends beyond simple memory leaks to encompass potential system crashes and kernel instability. The first issue involves memory leakage where the memory allocated by mmc_alloc_host() becomes unreachable when mmc_add_host() fails, creating a resource leak that can accumulate over time and potentially lead to system performance degradation or out-of-memory conditions. The second and more severe issue occurs during device removal when mmc_remove_host() is called on a device that was never properly added, resulting in a null pointer dereference within device_del() function. This null pointer dereference constitutes a kernel panic scenario that can bring the entire system down, making this vulnerability particularly dangerous in production environments where system stability is paramount.

The fix implemented addresses both aspects of this vulnerability through proper error handling mechanisms. The solution involves checking the return value of mmc_add_host() and implementing a proper error path that executes mmc_free_host() to clean up allocated resources when initialization fails. This approach follows the standard kernel pattern of error handling where resource cleanup must occur in the reverse order of allocation, ensuring that no memory leaks occur and that the system state remains consistent. The remediation aligns with ATT&CK technique T1068 by preventing privilege escalation through kernel-level resource management flaws, and it directly addresses the kernel's device management subsystem security posture by ensuring proper state transitions and resource handling. The fix demonstrates proper defensive programming practices that are essential in kernel space where resource leaks and state inconsistencies can lead to severe security implications and system instability.

Responsible

Linux

Reservation

12/09/2025

Disclosure

12/09/2025

Moderation

accepted

CPE

ready

EPSS

0.00214

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!