CVE-2022-50846 in Linuxinfo

Summary

by MITRE • 12/30/2025

In the Linux kernel, the following vulnerability has been resolved:

mmc: via-sdmmc: fix return value check of mmc_add_host()

mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead a kernel crash because of null-ptr-deref in device_del().

Fix this by checking the return value and goto error path which will call mmc_free_host().

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 04/26/2026

The vulnerability identified as CVE-2022-50846 resides within the Linux kernel's multimedia card host controller driver specifically targeting the via-sdmmc implementation. This flaw represents a critical programming error that demonstrates poor error handling practices in device driver development. The vulnerability occurs when the mmc_add_host() function, which is responsible for adding a multimedia card host controller to the system, fails to properly check its return value. When this function returns an error condition, the driver continues execution without proper error handling, creating a cascade of potential system failures that can lead to both resource exhaustion and system instability.

The technical implementation of this vulnerability stems from a fundamental flaw in the driver's error handling logic. The mmc_add_host() function is designed to allocate and register multimedia card host controller devices within the kernel's device model, but when it encounters an error during this process, it returns a non-zero error code. However, the via-sdmmc driver fails to capture and evaluate this return value, proceeding with execution as if the operation succeeded. This oversight creates a dangerous condition where memory allocation occurs through mmc_alloc_host() but is never properly managed due to the lack of error checking, leading to memory leaks that can accumulate over time and potentially exhaust system resources.

The operational impact of this vulnerability manifests in two distinct but related failure modes that can compromise system stability. The first issue involves memory leakage where allocated memory from mmc_alloc_host() becomes unrecoverable when the driver ignores the error return from mmc_add_host(). This memory leak represents a resource exhaustion threat that can degrade system performance over time, particularly in embedded systems or devices with limited memory resources. The second and more severe consequence occurs during device removal when mmc_remove_host() is called on a device that was never properly added to the system. This leads to a null pointer dereference in device_del() which causes immediate kernel crashes and system panics, effectively creating a denial of service condition that can bring the entire system to a halt.

This vulnerability aligns with CWE-252, which addresses "Unchecked Return Values," and represents a classic example of inadequate error handling in kernel space code. The flaw demonstrates poor adherence to secure coding practices and highlights the critical importance of proper resource management in operating system drivers. From an ATT&CK perspective, this vulnerability could be leveraged in privilege escalation scenarios where an attacker might exploit the memory leak to cause resource exhaustion or trigger the kernel panic to perform a denial of service attack. The fix implemented addresses this by introducing proper error checking that ensures any failure in mmc_add_host() results in appropriate error path execution, which calls mmc_free_host() to properly clean up allocated resources and prevent the subsequent kernel crash.

The resolution strategy for CVE-2022-50846 involves implementing proper error handling mechanisms that follow standard kernel development practices for device driver management. By checking the return value of mmc_add_host() and implementing appropriate goto error paths, the driver ensures that all allocated memory is properly freed through mmc_free_host() in error conditions. This approach follows established kernel patterns for resource management and prevents both the memory leak and the subsequent null pointer dereference that would otherwise cause kernel crashes. The fix demonstrates the importance of defensive programming in kernel space where every function call that can fail must be carefully checked and handled appropriately to maintain system stability and prevent security vulnerabilities that could be exploited by malicious actors.

Responsible

Linux

Reservation

12/30/2025

Disclosure

12/30/2025

Moderation

accepted

CPE

ready

EPSS

0.00239

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!